Product Security & Risk Partner – Project Manager

Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.

Why join Coupa?

🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.

🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.

🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other. 

The Impact of a Product Security & Risk Partner – Project Manager to Coupa: 

The Product Security Associate Partner is responsible for managing risk and security projects across the product lifecycle, including the remediation of security issues and risks identified due to incidents. This role works closely with product teams, engineers, and other stakeholders to ensure security and compliance requirements are met at every stage of development and deployment. By driving project planning, execution, and monitoring, the Product Security Project Manager ensures risks are identified, assessed, and addressed in alignment with organizational standards and goals.

What You’ll Do:

• Key Responsibilities

Project Management 

• Manage end-to-end security and risk projects for products throughout the product development lifecycle (PDLC). 
• Develop detailed project plans, timelines, and milestones to track the progress of security initiatives. 
• Coordinate cross-functional teams, including developers, engineers, product managers, and security teams, to ensure project success. 
• Proactively identify and mitigate project risks, ensuring timely resolution of issues and blockers. 

Risk and Security Assessments 

• Facilitate security risk assessments during design, development, and post-deployment phases of the PDLC. 
• Track and document identified risks, their impact, and mitigation strategies. 
• Collaborate with product teams to prioritize and address security risks and compliance gaps. 

Incident Response and Remediation 

• Lead efforts to remediate security issues and risks identified as a result of security incidents, ensuring rapid and effective resolution. 
• Work with product and security teams to implement corrective actions and long-term mitigation strategies to prevent recurrence. 
• Track the progress of remediation efforts, ensuring accountability and timely resolution of issues. 
• Provide reports and updates to stakeholders on the status of incident-related remediation efforts. 

Stakeholder Collaboration 

• Act as the primary liaison between product teams and the Product Security Manager, ensuring clear communication of project goals, risks, and status updates. 
• Partner with GRC, operations, and security engineering teams to align product security initiatives with enterprise security goals. 
• Maintain strong relationships with stakeholders, providing regular updates on project performance, compliance progress, and remediation efforts. 

Monitoring and Reporting 

• Track key project metrics and deliverables, ensuring security and compliance objectives are achieved. 
• Develop and deliver regular reports to leadership on project status, risks, mitigation progress, and remediation outcomes. 
• Monitor evolving security requirements and industry best practices, ensuring they are incorporated into ongoing projects. 

Continuous Improvement 

• Identify opportunities to streamline processes and improve the efficiency of risk, security, and remediation projects. 
• Provide feedback and recommendations to enhance the organization’s approach to managing product security and compliance. 

Key Metrics for Success 

• On-time delivery of security and risk projects within scope and budget. 
• Reduction in security risks and vulnerabilities identified during product development and incidents. 
• Timely remediation of security issues identified during incidents and audits. 
• Compliance with relevant security and regulatory standards (e.g., ISO 27001, SOC 2, NIST). 
• Positive feedback from product teams regarding project management support. 
• Implementation of process improvements that enhance project and remediation efficiency. 

What you will bring to Coupa:

• Required Qualifications 
• Education: Bachelor’s degree in Project Management, Cybersecurity, Information Technology, or a related field. 
• Experience: 3+ years of experience managing security or risk projects, preferably in a product-focused environment, with hands-on experience in incident remediation. 
• Strong understanding of cloud (AWS preferred) security principles, frameworks, and best practices. 
• Proficient and hands on experience with Jira and Confluence. 

Preferred Certifications:

• PMP, CISM, or similar certifications are preferred. 

Skills and Competencies 

• Strong project management skills, including planning, execution, and monitoring. Familiarity with security and compliance frameworks such as ISO 27001, NIST, SOC 2, or PCI DSS. 
• Proven ability to assess and manage risks, ensuring appropriate mitigation and remediation strategies are implemented.
•  Experience managing the remediation of security risks and issues identified during incidents or audits. 
• Excellent communication and collaboration skills to manage cross-functional teams.
•  Proficiency with project management tools and methodologies (e.g., Agile, Waterfall, Jira, etc.). 
• Strong problem-solving skills and the ability to adapt to changing priorities and requirements.

At Coupa, we celebrate diversity and recognize its value to our customers and employees. Coupa is proud to be an equal-opportunity workplace and affirmative-action employer. All qualified applicants will receive consideration for employment regardless of age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. 

Please be advised that inquiries or resumes from recruiters will not be accepted.

By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.