Senior Security & Compliance Analyst
Remote, United States
G&A – Legal
Coupa Software (NASDAQ: COUP), a leader in business spend management (BSM), has been certified as a “Great Place to Work” by the Great Place to Work organization. We deliver “Value as a Service” by helping our customers maximize their spend under management, achieve significant cost savings and drive profitability. Coupa provides a unified, cloud-based spend management platform that connects hundreds of organizations representing the Americas, EMEA, and APAC with millions of suppliers globally. The Coupa platform provides greater visibility into and control over how companies spend money. Customers – small, medium and large – have used the Coupa platform to bring billions of dollars in cumulative spend under management. Learn more at www.coupa.com. Read more on the Coupa Blog or follow @Coupa on Twitter.
Do you want to work for Coupa Software, the world's leading provider of cloud-based spend management solutions? We’re a company that had a successful IPO in October 2016 (NASDAQ: COUP) to fuel our innovation and growth. At Coupa, we’re building a great company that is laser focused on three core values:
1. Ensure Customer Success – Obsessive and unwavering commitment to making customers successful.
2. Focus On Results – Relentless focus on delivering results through innovation and a bias for action.
3. Strive For Excellence – Commitment to a collaborative environment infused with professionalism, integrity, passion, and accountability.
The security & compliance analyst assists in managing security controls and system and organizational compliance. Responsibilities include: assisting with managing the controls, working directly with auditors and internal teams, and providing guidance to ensure compliance with regulatory requirements. This position involves controls documentation, implementation and audit. The position also provides business analysis and recommendations to implement operational controls that ensure quality and secure business-driven solutions through the efficient use of processes, resources and technology.
What You’ll Do:
- Assists team with enterprise audits and implementation of various controls to meet our compliance program requirements. Compliance programs include: FedRAMP, ISO 27001, SOX, PCI, HIPAA, CCPA, SOC 2 Type 2, EU GDPR, ITAR, etc.
- Performs control reviews and gap assessments for new products and mergers & acquisitions for inclusion into the GRC Program and audit scope.
- Conducts periodic control reviews and works with control and process owners to determine control effectiveness, document control implementation, and identify evidence requirements. All control reviews will be combined into a management report containing issues, proposed recommendations and remediation timelines. Risks and control weaknesses will be documented and tracked to resolution.
- Works cross-functionally with internal Security, Operations, Product and Legal on planning and implementing company-specific security controls, processes, and programs to meet compliance requirements.
- Serves as subject matter expert (SME) for assigned control families and assists the GRC team and auditors during audits & assessments. Assigned GRC SMEs become the lead for their control families and evaluate controls across all programs and products, ensuring compliance across all frameworks.
- SMEs will also communicate requirements changes to control owners and facilitate control evaluations and changes.
- Manages evidence and artifact requirements, collection, and communication with stakeholders.
- Supports control mapping to common controls and audit artifact requirements.
- Stays abreast of regulatory environments and ensures corporate compliance initiatives are evolving to meet the needs of the customer base.
- Drives continuous improvement around security, compliance and risk governance.
- Responsible for reporting key operational metrics and management reports.
- Coordinates and participates in various special projects.
- Minimum 5 years’ experience in a regulatory environment, IT security/compliance field or similar environment.
- Experience with ISO 27001, PCI, NIST and/or SOX.
- Prior experience with compliance auditing, internal audits, and/or documentation in support of audits.
- Experience working with GRC programs preferred.
- Previous cloud compliance and audit experience preferred.
- Bachelor’s degree in related field or equivalent experience preferred.
- Excellent communication skills (research, writing and verbal).
- Technical writing experience must include policies, procedures and guidelines.
- Project management experience is preferred.
- Experience analyzing business processes, documenting process flows, and recommending process changes and efficiencies.
- Ability to interact with management and staff in a fast-paced team environment.
- Self-starter and motivator; ability to work with minimum supervision.
- This job description is not an exhaustive list of all duties, responsibilities or qualifications associated with this job.
At Coupa, we have a strong and innovative team dedicated to improving the spend management processes of today’s dynamic businesses. It’s our people who make it happen, and we strive to attract and retain the best in every discipline.
We take care of our employees every way we can, with competitive compensation packages, as well as restricted stock units, an Employee Stock Purchase Program (ESPP), comprehensive health benefits for employees and their families, a 401(k) match, a flexible work environment, no-limit vacation for exempt employees (non-exempt employees accrue PTO), catered lunches, and much more!
As part of our dedication to the diversity of our workforce, Coupa is committed to Equal Employment Opportunity without regard for race, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity or religion.
Please be advised, inquiries or resumes from recruiters will not be accepted.