Payment Security Compliance Program Manager

last updated January 29, 2026 20:50 UTC

Coupa Software, Inc.

HQ: Hybrid


Coupa drives margin growth through its community-powered AI and leading total spend management platform for organizations of all sizes. Coupa AI is fueled by trillions of dollars in global spend data from a network of over 10 million buyers and suppliers. We equip you with the tools to forecast, guide, and automate smarter and more profitable decisions that strengthen operating margins.

Why join Coupa?

🔹 Cutting-Edge Technology: We are innovators, using advanced technologies to help customers gain greater efficiency and visibility into their spend.
🔹 Collaborative Culture: Our team-first environment is built on transparency, openness, and a shared pursuit of excellence.
🔹 Global Reach: Your work will have a measurable impact on our customers, our business, and your colleagues worldwide.

Explore more on the Life at Coupa blog to hear directly from employees about their experiences.

Impact of a Payment Security & Compliance Program Manager at Coupa:

We are looking for a highly technical and detail-focused Payment Security & Compliance Program Manager to oversee compliance and governance for payment-related frameworks, including PCI DSS, SWIFT CSCF, and other payment assurance requirements. This role is responsible for defining scope, ensuring readiness, maintaining documentation, tracking control implementation, and sustaining continuous compliance across all environments that process payment data or connect to SWIFT systems.

As the main owner of Coupa’s payment security compliance programs, you will collaborate closely with Engineering, Cloud Operations, IAM, Product Security, and GRC teams to ensure controls are implemented correctly, evidence is audit-ready, and all payment environments remain secure and mature.

This is a hands-on, highly technical position requiring strong knowledge of cloud infrastructure, logging and monitoring, IAM, segmentation, encryption, CI/CD pipelines, and secure operations.

What You’ll Do:

• Lead and manage PCI DSS and SWIFT CSCF programs end-to-end, including scope management, control applicability, compensating controls, documentation, and annual assessment readiness.
• Operate continuous compliance processes and evidence management, maintaining an audit-ready evidence library in the GRC platform with structured refresh cycles.
• Provide governance on scoping, segmentation, and architecture by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, and architectural changes, ensuring required controls are applied.
• Monitor and verify technical security controls spanning IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control-monitoring records and drive hardening efforts.
• Lead internal audit support and remediation oversight, work with QSA/CSCF assessors, prepare audit samples, manage walkthroughs, and ensure timely, validated remediation.
• Maintain system-of-record documentation and readiness for evolving standards, ensuring PCI/SWIFT artifacts meet regulatory needs and analyzing impacts of framework updates.

What You Will Bring:

• 5–8+ years of experience in security compliance, cloud security, technical auditing, or payment security programs.
• Strong expertise in PCI DSS (ideally v4.0) with hands-on experience in QSA-led assessments; experience with SWIFT CSCF or similar financial security frameworks is highly preferred.
• Solid technical knowledge of cloud platforms (AWS/Azure), IAM, encryption, logging/monitoring, network segmentation, and CI/CD pipelines.
• Proven ability to work effectively with engineering, cloud operations, SRE, and security engineering teams on implementing and validating controls.
• Excellent documentation skills, governance discipline, and the ability to drive cross-team remediation while maintaining ongoing compliance.
• Experience with GRC tools such as TrustCloud, Archer, ServiceNow, or similar platforms.

The estimated salary range for this role is $83,000 to $108,000.

The selected candidate’s starting pay will depend on lawful factors such as experience, skills, and location.

Coupa complies with applicable equal opportunity laws and fosters an inclusive, welcoming workplace. All decisions regarding hiring, compensation, development, and performance evaluation are made fairly, and we provide equal opportunities to all qualified individuals.

Recruiter inquiries or submissions will not be considered.

By applying, you confirm that you have reviewed Coupa’s Privacy Policy and understand that your application, including personal data, will be collected and processed for recruitment purposes, potential employment, and future job notifications if not selected. The Privacy Policy provides full details on processing, purposes, and retention.

Apply info ->

To apply for this job, please visit jobs.lever.co
