Sr. Assurance & Compliance Analyst - 10978

Bogotá, Colombia

AI overview

Lead governance and execution of assurance frameworks like SOC 1, SOC 2, and HIPAA, ensuring compliance readiness and operational efficiency across interdisciplinary teams.
Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.

Why join Coupa?

🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.

Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa.

The Impact of a Sr. Assurance & Compliance Analyst at Coupa:

We are seeking a highly skilled Customer Assurance & Compliance Program Manager to lead the internal execution, governance, and continuous readiness of our external assurance frameworks, including SOC 1, SOC 2, HIPAA, TISAX, and C5. This role owns the certification lifecycle, evidence management cadence, remediation governance, and the process maturity of our GRC systems used to support assurance programs.

This is a strategic, non-customer-facing role that ensures our controls, documentation, and assurance evidence remain current, accurate, and audit-ready throughout the year. The ideal candidate combines expertise in security, risk, and compliance frameworks with strong program management, operational rigor, and the ability to coordinate across engineering, IT, security, and GRC functions.

What You'll Do:
  • Manage all external assurance programs (SOC 1/2, HIPAA, TISAX, C5) end-to-end, including scoping, framework mappings, control applicability, and continuous certification readiness.
  • Lead annual and quarterly readiness cycles and maintain a Continuous Compliance Calendar to ensure evidence, documentation, and control artifacts remain current and audit-ready.
  • Oversee evidence governance quality, completeness, validation, and version control across our GRC platform and internal repositories; partner with control owners to remediate gaps.
  • Serve as custodian of all control requirements, mappings, ownership, and updates within GRC platform while maintaining authoritative control inventories and maturity scoring.
  • Own remediation governance for assurance findings, including prioritization, tracking, root-cause-aligned closure evidence, and maintenance of the Corrective Action & Remediation Tracker.
  • Monitor regulatory and framework changes, lead gap assessments for new certifications, and ensure accuracy and currency of all external-facing assurance artifacts on the trust/assurance portal.

What You Will Bring to Coupa:
  • 5–8+ years of experience in security compliance, audit, GRC, or assurance program management.
  • Direct experience supporting or owning major compliance frameworks (SOC 2, HIPAA, ISO 27001, TISAX, or similar).
  • Strong knowledge of security controls across cloud infrastructure, IAM, logging/monitoring, and data protection.
  • Proven ability to drive remediation, risk mitigation, control implementation, and audit readiness.
  • Familiarity with GRC platforms such as TrustCloud, Archer, ServiceNow, ZenGRC, or equivalents.
  • Excellent documentation, organization, and cross-functional collaboration skills, including experience coordinating external audits or internal testing cycles.

Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.

Please be advised that inquiries or resumes from recruiters will not be accepted.

By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.

Coupa Software is a global technology platform for Business Spend Management.
