Governance, Risk and Compliance Analyst

Coupa Software
Summary
Join Coupa's growing team as a Senior Technical Audit & Controls Analyst and contribute to managing over 30 product audits, including SOC 2, PCI, and ISO 27001. This key role focuses on technical control testing in cloud-native environments (AWS, Azure), IAM, and Cloud Operations. Collaborate with engineering, security, DevOps, and audit teams to evaluate control effectiveness, support remediation, and drive audit readiness. Lead the design and testing of technical and operational controls across multiple compliance frameworks. Develop and maintain control testing scripts and walkthroughs. Conduct gap assessments, document findings, and recommend mitigation strategies. Automate audit evidence collection and maintain a standardized control library. Coupa offers a collaborative culture, pioneering technology, and the opportunity to make a global impact.
Requirements
- 5+ years of experience in technical audit, cloud security, IT risk management, or compliance
- Hands-on expertise with cloud service providers (AWS, Azure), particularly in IAM and Cloud Operations
- Strong understanding of PCI DSS, with direct experience supporting technical aspects of PCI audits
- Familiarity with DevSecOps practices, CI/CD workflows, and the secure software development lifecycle (SSDLC)
- Deep knowledge of key control domains: access control & IAM, logging & monitoring, system hardening, and vulnerability management
- Skilled at translating complex technical controls into clear audit documentation and actionable evidence, with strong cross-functional communication abilities
Responsibilities
- Lead the design and effectiveness testing of technical and operational controls across multiple compliance frameworks (e.g., SOC 2, PCI DSS, ISO 27001/27701/42001, SWIFT, TISAX, C5, or UK Cyber Essentials)
- Develop, execute, and maintain control testing scripts and walkthroughs to validate configurations, access controls, and cloud-native security mechanisms
- Conduct gap assessments against regulatory and industry standards, document findings, and recommend mitigation strategies
- Evaluate technical controls across IAM, cloud operations, CI/CD, IaC, container security, and vulnerability management to ensure compliance alignment
- Collaborate with control owners across Engineering, IAM, IT, Cloud Operations, and Security to map, validate, and optimize control implementations
- Automate audit evidence collection using scripts, APIs, and tools; maintain a standardized control library and audit-ready documentation for assurance activities