The Impact of a Director of Governance, Risk and Compliance at Coupa:
We are seeking a seasoned and strategic Director of Governance, Risk, and Compliance (GRC) to establish, lead, and mature our GRC program across the organization. This pivotal role involves defining the enterprise risk management strategy, ensuring regulatory compliance, and overseeing the development and implementation of governance frameworks, policies, and controls. The Director will act as a primary interface with internal and external audit teams, manage organizational risk, and drive a culture of ethical and compliant business practices. This role requires a leader with a deep understanding of corporate governance, a proven track record in developing and managing comprehensive compliance programs, and the ability to clearly articulate risk and compliance posture to executive leadership.
What You’ll Do
- Strategic GRC Leadership & Vision: Develop and execute the comprehensive GRC strategy, roadmap, and framework, aligning them with the company’s business objectives, risk appetite, and regulatory obligations.
- Enterprise Security Risk Management:
  - Oversee the formal Cyber Risk Management program, including risk identification, assessment, mitigation, and monitoring across all business functions.
  - Develop and manage the risk register, tracking key risks and control effectiveness, and reporting on the overall risk landscape.
  - Lead the design, implementation, and continuous maturation of the Third-Party Risk Management (TPRM) program, reducing supply chain risk and ensuring vendor compliance with frameworks like SOC 2 and ISO 27001.
- Compliance Program Management:
  - Design, implement, and continuously enhance the corporate compliance program, ensuring adherence to applicable laws, regulations (e.g., GDPR, CCPA, SOC 1, SOC 2, ISO 27001, SOX, export controls, etc.), and internal policies.
  - Manage external audits, regulatory examinations, and internal compliance reviews.
  - Develop and deliver company-wide training and awareness programs on compliance topics, policies, and the Code of Conduct.
- Governance and Policy Framework:
  - Establish and maintain a robust framework of corporate governance, policies, and standards.
  - Collaborate with legal and business stakeholders to draft, review, and disseminate GRC-related policies and procedures.
- Metrics and Reporting:
  - Oversee the end-to-end metrics and reporting for the GRC program.
  - Develop executive-level reporting that is clear, concise, and business-based, ensuring risk and compliance status are clearly identified and communicated to senior management.
- Cross-Functional Collaboration:
  - Partner with Legal, Internal Audit, Finance, and IT Security teams to ensure consistent application of GRC principles.
  - Provide expert guidance on compliance and risk considerations for new products, technologies, and market expansions.
What You Will Bring to Coupa
- Bachelor's degree in Business, Finance, Law, Information Security, or a related field.
- 10+ years of progressive experience in Governance, Risk, and Compliance, with at least 5 years in a leadership role managing enterprise-level GRC programs.
- Strong knowledge of industry compliance frameworks (e.g., SOX, ISO 27001, NIST, SOC 2, HIPAA, PCI DSS, GDPR).
- Relevant industry certifications (e.g., CGRC, CCEP, CRISC, CISA, CISSP).
- Exceptional leadership qualities, with the ability to manage teams and work cross-functionally to set priorities and address overall organizational risk.
- Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex GRC issues to both technical and non-technical audiences, including executive leadership.