Coupa Software, Inc.
Director of Governance, Risk and Compliance - 11454
TLDR
Lead and mature the Governance, Risk, and Compliance program, defining enterprise risk strategies and ensuring compliance with regulatory frameworks while influencing company-wide practices.
Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.
Why join Coupa?
🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.
Learn more on the Life at Coupa blog and hear from our employees about their experiences working at Coupa.
The Impact of a Director of Governance, Risk and Compliance at Coupa:
We are seeking a seasoned and strategic Director of Governance, Risk, and Compliance (GRC) to establish, lead, and mature our GRC program across the organization. This pivotal role involves defining the enterprise risk management strategy, ensuring regulatory compliance, and overseeing the development and implementation of governance frameworks, policies, and controls. The Director will act as a primary interface with internal and external audit teams, manage organizational risk, and drive a culture of ethical and compliant business practices. This role requires a leader with a deep understanding of corporate governance, a proven track record in developing and managing comprehensive compliance programs, and the ability to clearly articulate risk and compliance posture to executive leadership.
What You’ll Do
Strategic GRC Leadership & Vision: Develop and execute the comprehensive GRC strategy, roadmap, and framework, aligning them with the company’s business objectives, risk appetite, and regulatory obligations.
Enterprise Security Risk Management:
Oversee the formal Cyber Risk Management program, including risk identification, assessment, mitigation, and monitoring across all business functions.
Develop and manage the risk register, tracking key risks and control effectiveness, and reporting on the overall risk landscape.
Lead the design, implementation, and continuous maturation of the Third-Party Risk Management (TPRM) program, reducing supply chain risk and ensuring vendor compliance with frameworks like SOC 2 and ISO 27001.
Compliance Program Management:
Design, implement, and continuously enhance the corporate compliance program, ensuring adherence to applicable laws, regulations (e.g., GDPR, CCPA, SOC 1, SOC 2, ISO 27001, SOX, export controls, etc.), and internal policies.
Manage external audits, regulatory examinations, and internal compliance reviews.
Develop and deliver company-wide training and awareness programs on compliance topics, policies, and the Code of Conduct.
Governance and Policy Framework:
Establish and maintain a robust framework of corporate governance, policies, and standards.
Collaborate with legal and business stakeholders to draft, review, and disseminate GRC-related policies and procedures.
Metrics and Reporting:
Oversee the end-to-end metrics and reporting for the GRC program.
Develop executive-level reporting that is clear, concise, and business-based, ensuring risk and compliance status are clearly identified and communicated to senior management.
Cross-Functional Collaboration:
Partner with Legal, Internal Audit, Finance, and IT Security teams to ensure consistent application of GRC principles.
Provide expert guidance on compliance and risk considerations for new products, technologies, and market expansions.
What You Will Bring to Coupa
Bachelor's degree in Business, Finance, Law, Information Security, or a related field.
10+ years of progressive experience in Governance, Risk, and Compliance, with at least 5 years in a leadership role managing enterprise-level GRC programs.
Strong knowledge of industry compliance frameworks (e.g., SOX, ISO 27001, NIST, SOC 2, HIPAA, PCI DSS, GDPR).
Relevant industry certifications (e.g., CGRC, CCEP, CRISC, CISA, CISSP).
Exceptional leadership qualities, with the ability to manage teams and work cross-functionally to set priorities and address overall organizational risk.
Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex GRC issues to both technical and non-technical audiences, including executive leadership.
Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.
Please be advised that inquiries or resumes from recruiters will not be accepted.
By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.
Coupa builds a powerful total spend management platform that leverages community-generated AI to help businesses optimize their margins. Designed for organizations of all sizes, Coupa's technology is driven by trillions of dollars in spend data, connecting over 10 million buyers and suppliers across a global network.
- Founded: 2006
- Employees: 500+
- Industry: Internet Software & Services
- Total raised: $170M