Coupa Software

IT Security, Risk, and Compliance Auditor

Sorry, this job was removed at 10:25 a.m. (IST) on Wednesday, Feb 12, 2025
Hybrid
Pune, Maharashtra

Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.


Why join Coupa?


🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.

🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.

🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other. 


Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa. 


The Impact of an IT Security, Risk, and Compliance Auditor to Coupa:


The IT Security, Risk, and Compliance Auditor is responsible for assessing the organization’s technical controls, risk posture, and compliance with regulatory standards and frameworks. This role focuses on performing audits, identifying control gaps, and recommending improvements to enhance security, mitigate risks, and ensure regulatory compliance. The auditor will work cross-functionally with IT, security, and business teams to evaluate processes, systems, and controls and drive continuous improvements.

The ideal candidate will have a strong technical background, audit experience, and expertise in security and compliance frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA, SWIFT, TISAX, C5, PIMS, NIST CSF, and other applicable standards.

What You’ll Do:

  • Technical Security Auditing
      • Perform audits of technical security controls, processes, and systems to assess their effectiveness and alignment with organizational policies and regulatory requirements.
      • Evaluate the design and implementation of technical controls such as encryption, access management, vulnerability management, secure configurations, and logging/monitoring systems.
      • Test compliance with security policies and technical standards across systems, cloud environments, and applications.
  • Risk and Compliance Assessments
      • Conduct risk-based audits to identify control weaknesses, security risks, and areas of non-compliance.
      • Perform control testing to validate the effectiveness of implemented risk mitigation measures.
      • Assess the organization’s compliance with regulatory frameworks (e.g., ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA, FedRAMP).
  • Audit and Evidence Support
      • Prepare, gather, and validate audit evidence to support internal and external compliance reviews.
      • Document audit findings, observations, and recommendations in audit reports for stakeholders.
      • Track and validate the remediation of identified audit findings, ensuring timely closure of issues.
  • Collaboration and Advisory
      • Partner with IT, security, and business teams to communicate audit results and provide recommendations for improving technical controls and compliance posture.
      • Serve as an advisor to teams on technical compliance requirements, risks, and security control design.
      • Collaborate with GRC and risk management teams to align audits with enterprise risk priorities and goals.
  • Documentation and Reporting
      • Develop detailed audit reports with actionable recommendations for control enhancements and risk mitigation.
      • Maintain comprehensive audit documentation, including control testing evidence, risk findings, and remediation plans.
      • Create dashboards and metrics to report on audit progress, control performance, and compliance status.
  • Day-to-Day Responsibilities
      • Audit Planning and Execution
          • Plan and scope technical security, risk, and compliance audits.
          • Conduct control testing and technical assessments of IT systems, infrastructure, and processes.
          • Identify control gaps, risks, and areas of non-compliance through testing and analysis.
      • Reporting and Follow-Up
          • Document audit findings, prepare reports, and provide recommendations for remediation.
          • Track remediation efforts and validate the effectiveness of corrective actions.
      • Evidence Collection and Documentation
          • Assist in preparing and gathering evidence for audits (internal, external, or customer-driven).
          • Maintain audit documentation in an organized, accessible format for future reviews.
      • Risk and Compliance Assessments
          • Conduct risk assessments and control reviews in line with organizational priorities and regulatory requirements.
          • Support initiatives to enhance compliance with ISO 27001, SOC 2, HIPAA, and other frameworks.
      • Collaboration and Advisory
          • Work with IT and security teams to identify improvements in control design and implementation.
          • Serve as a subject matter expert on technical compliance requirements and industry best practices.

  • Key Performance Metrics
      • Timeliness and completeness of audit reports and evidence submissions.
      • Reduction in unresolved or repeat audit findings.
      • Accuracy and effectiveness of control testing and recommendations.
      • Compliance with regulatory requirements and internal security standards.
      • Timely validation and closure of audit remediation efforts.

What you will bring to Coupa:

  • Required Qualifications
      • Education: Bachelor’s degree in Information Technology, Cybersecurity, or a related field. Equivalent experience may be considered.
      • Experience:
          • 3+ years of experience in technical security, IT auditing, or compliance roles.
          • Hands-on experience performing audits or assessments for technical controls, systems, and applications.
          • Familiarity with frameworks such as ISO 27001, SOC 2, PCI DSS, NIST CSF, HIPAA, or FedRAMP.
      • Certifications: Preferred certifications include CISA, CISSP, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent.
  • Skills and Competencies
      • Technical Expertise: Strong understanding of IT systems, cloud environments, security controls, and technical compliance requirements.
      • Audit and Compliance: Ability to perform control testing, technical risk assessments, and compliance audits.
      • Risk Analysis: Strong ability to identify, assess, and communicate security risks and control weaknesses.
      • Communication: Excellent written and verbal communication skills for audit reporting and stakeholder engagement.
      • Problem-Solving: Analytical mindset with the ability to provide practical and actionable recommendations.
      • Tools Proficiency: Experience with audit tools, GRC platforms, and IT security technologies (e.g., vulnerability scanners, SIEM).
      • Organization: Exceptional attention to detail with the ability to manage multiple audits and priorities.

At Coupa, we celebrate diversity and recognize its value to our customers and employees. Coupa is proud to be an equal-opportunity workplace and affirmative-action employer. All qualified applicants will receive consideration for employment regardless of age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. 


Please be advised that inquiries or resumes from recruiters will not be accepted.


By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.
