United States onlyCoupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.
Why join Coupa?
🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.
Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa.
The Impact of a Payment Security & Compliance Program Manager at Coupa:
We are seeking a highly technical and detail-oriented Payment Security & Compliance Program Manager to lead compliance and governance across our payment-related frameworks, including PCI DSS, SWIFT CSCF, and other payment assurance obligations. This role owns the scoping, readiness, documentation, control implementation tracking, and continuous compliance posture of all environments handling payment data and SWIFT-connected systems.
As the primary owner of Coupa’s payment security compliance programs, you will partner closely with Engineering, Cloud Operations, IAM, Product Security, and GRC teams to ensure technical controls are implemented properly, evidence is audit-ready, and all payment environments maintain a continuously mature and secure posture.
This is a hands-on and highly technical role requiring a deep understanding of cloud infrastructure, logging and monitoring, IAM, segmentation, encryption, CI/CD, and secure operations.
What You'll Do:
- Own and manage end-to-end PCI DSS and SWIFT CSCF programs, including scope maintenance, control applicability, compensating controls, authoritative documentation, and annual assessment readiness.
- Operate continuous compliance and evidence management, maintaining a validated, audit-ready evidence library in our GRC Platform with structured refresh cadences for all PCI/SWIFT controls.
- Provide scoping, segmentation, and architecture governance by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, architectural changes, and enforce required technical controls.
- Monitor and validate technical security controls across IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control monitoring logs and drive hardening improvements.
- Lead internal-facing audit support and remediation governance, partnering with QSA/CSCF assessors, preparing audit populations, managing walkthroughs, and driving remediation tracking, prioritization, and validated closure.
- Maintain system-of-record documentation and emerging standards readiness, ensuring PCI/SWIFT artifacts meet regulatory expectations while monitoring framework updates, leading impact analyses, and planning for new requirements.
What You Will Bring to Coupa:
- 5–8+ years of experience in security compliance, cloud security, technical audit, or payment security programs.
- Deep expertise in PCI DSS (ideally PCI DSS v4.0) with hands-on experience supporting or preparing for QSA-led assessments; SWIFT CSCF or other high-security financial frameworks strongly preferred.
- Strong technical understanding of cloud platforms (AWS/Azure), IAM, encryption, logging/monitoring, network segmentation, and CI/CD pipelines.
- Proven success collaborating with engineering, cloud operations, SRE, and security engineering teams on control implementation and validation.
- Excellent documentation, governance, and process discipline, with the ability to drive multi-team remediation and maintain ongoing compliance rigor.
- Experience with GRC platforms such as TrustCloud, Archer, ServiceNow, or comparable tooling.
The estimated pay range for this role is $83,000 - 108,000
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state.
Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.
Please be advised that inquiries or resumes from recruiters will not be accepted.
By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.
Poland only
Colombia only
Croatia only
United Kingdom only
