The Payment Security & Compliance Program Manager leads compliance and governance for payment frameworks, ensuring continuous compliance and technical control validation while collaborating with engineering and security teams.
Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.
Why join Coupa?
🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.
Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa.
The Impact of a Payment Security & Compliance Program Manager at Coupa:
We are seeking a highly technical and detail-oriented Payment Security & Compliance Program Manager to lead compliance and governance across our payment-related frameworks, including PCI DSS, SWIFT CSCF, and other payment assurance obligations. This role owns the scoping, readiness, documentation, control implementation tracking, and continuous compliance posture of all environments handling payment data and SWIFT-connected systems.
As the primary owner of Coupa’s payment security compliance programs, you will partner closely with Engineering, Cloud Operations, IAM, Product Security, and GRC teams to ensure technical controls are implemented properly, evidence is audit-ready, and all payment environments maintain a continuously mature and secure posture.
This is a hands-on and highly technical role requiring a deep understanding of cloud infrastructure, logging and monitoring, IAM, segmentation, encryption, CI/CD, and secure operations.
What You'll Do:
- Own and manage end-to-end PCI DSS and SWIFT CSCF programs, including scope maintenance, control applicability, compensating controls, authoritative documentation, and annual assessment readiness.
- Operate continuous compliance and evidence management, maintaining a validated, audit-ready evidence library in our GRC Platform with structured refresh cadences for all PCI/SWIFT controls.
- Provide scoping, segmentation, and architecture governance by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, architectural changes, and enforce required technical controls.
- Monitor and validate technical security controls across IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control monitoring logs and drive hardening improvements.
- Lead internal-facing audit support and remediation governance, partnering with QSA/CSCF assessors, preparing audit populations, managing walkthroughs, and driving remediation tracking, prioritization, and validated closure.
- Maintain system-of-record documentation and emerging standards readiness, ensuring PCI/SWIFT artifacts meet regulatory expectations while monitoring framework updates, leading impact analyses, and planning for new requirements.
What You Will Bring to Coupa:
- 5–8+ years of experience in security compliance, cloud security, technical audit, or payment security programs.
- Deep expertise in PCI DSS (ideally PCI DSS v4.0) with hands-on experience supporting or preparing for QSA-led assessments; SWIFT CSCF or other high-security financial frameworks strongly preferred.
- Strong technical understanding of cloud platforms (AWS/Azure), IAM, encryption, logging/monitoring, network segmentation, and CI/CD pipelines.
- Proven success collaborating with engineering, cloud operations, SRE, and security engineering teams on control implementation and validation.
- Excellent documentation, governance, and process discipline, with the ability to drive multi-team remediation and maintain ongoing compliance rigor.
- Experience with GRC platforms such as TrustCloud, Archer, ServiceNow, or comparable tooling.
The estimated pay range for this role is $83,000 - 108,000
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state.
Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.
Please be advised that inquiries or resumes from recruiters will not be accepted.
By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.
Top Skills
Archer
AWS
Azure
Grc Platforms
Pci Dss
Servicenow
Swift Cscf
Trustcloud
Similar Jobs at Coupa
Artificial Intelligence • Fintech • Information Technology • Logistics • Payments • Business Intelligence • Generative AI
The Global Vice President of Strategic Engagements leads a customer-facing team to drive transformation initiatives, defines value methodologies, engages with C-suite executives, and builds a high-performing global team.
Top Skills:
Business Spend Management (Bsm)
Artificial Intelligence • Fintech • Information Technology • Logistics • Payments • Business Intelligence • Generative AI
The Customer Solution Partner Director will drive sales through collaboration, managing service engagements, and developing tailored solutions for clients, focusing on delivering value and improving customer satisfaction.
Top Skills:
ExcelOpenairSalesforceWord
Artificial Intelligence • Fintech • Information Technology • Logistics • Payments • Business Intelligence • Generative AI
As a Senior Technical Architect (Pre-Sales), you will engage with enterprise-level accounts to articulate Coupa's platform, address technical objections, and act as a technical expert in customer interactions, enhancing understanding and trust in the platform's capabilities.
Top Skills:
AICloud TechnologiesD365NetSuiteOracleSAP
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
