Payment Security & Compliance Program Manager


November 24


Coupa Software

SaaS • Finance • eCommerce

Coupa Software is a leading provider of business spend management solutions. Their platform focuses on optimizing and transforming direct and indirect spend across procurement, finance, supply chain, and IT. Coupa leverages AI and extensive data insights to drive cost efficiencies, manage supplier relationships, and mitigate risks. With products covering areas such as invoicing, payments, expense management, and supply chain collaboration, Coupa serves a wide range of industries including automotive, healthcare, retail, and more. Their comprehensive community and partner ecosystem enable organizations to unlock hidden savings and improve compliance, promoting growth and resilience in a changing economic climate.

1001 - 5000 employees

Founded 2006


📋 Description

• Own and manage end-to-end PCI DSS and SWIFT CSCF programs, including scope maintenance, control applicability, compensating controls, authoritative documentation, and annual assessment readiness.
• Operate continuous compliance and evidence management, maintaining a validated, audit-ready evidence library in our GRC Platform with structured refresh cadences for all PCI/SWIFT controls.
• Provide scoping, segmentation, and architecture governance by partnering with Engineering and Cloud Ops to review CDE boundaries, trust zones, architectural changes, and enforce required technical controls.
• Monitor and validate technical security controls across IAM, encryption, segmentation, logging/monitoring, vulnerability management, and incident response; maintain control monitoring logs and drive hardening improvements.
• Lead internal-facing audit support and remediation governance, partnering with QSA/CSCF assessors, preparing audit populations, managing walkthroughs, and driving remediation tracking, prioritization, and validated closure.
• Maintain system-of-record documentation and emerging standards readiness, ensuring PCI/SWIFT artifacts meet regulatory expectations while monitoring framework updates, leading impact analyses, and planning for new requirements.

🎯 Requirements

• 5–8+ years of experience in security compliance, cloud security, technical audit, or payment security programs.
• Deep expertise in PCI DSS (ideally PCI DSS v4.0) with hands-on experience supporting or preparing for QSA-led assessments; SWIFT CSCF or other high-security financial frameworks strongly preferred.
• Strong technical understanding of cloud platforms (AWS/Azure), IAM, encryption, logging/monitoring, network segmentation, and CI/CD pipelines.
• Proven success collaborating with engineering, cloud operations, SRE, and security engineering teams on control implementation and validation.
• Excellent documentation, governance, and process discipline, with the ability to drive multi-team remediation and maintain ongoing compliance rigor.
• Experience with GRC platforms such as TrustCloud, Archer, ServiceNow, or comparable tooling.

🏖️ Benefits

• Health insurance
• 401(k) matching
• Flexible work hours
• Paid time off
• Professional development opportunities
