The Impact of a Director of Governance, Risk and Compliance at Coupa:
We are seeking a seasoned and strategic Director of Governance, Risk, and Compliance (GRC) to establish, lead, and mature our GRC program across the organization. This pivotal role involves defining the enterprise risk management strategy, ensuring regulatory compliance, and overseeing the development and implementation of governance frameworks, policies, and controls. The Director will act as a primary interface with internal and external audit teams, manage organizational risk, and drive a culture of ethical and compliant business practices. This role requires a leader with a deep understanding of corporate governance, a proven track record in developing and managing comprehensive compliance programs, and the ability to clearly articulate risk and compliance posture to executive leadership.
What You’ll Do
- Strategic GRC Leadership & Vision: Develop and execute the comprehensive GRC strategy, roadmap, and framework, aligning them with the company’s business objectives, risk appetite, and regulatory obligations.
- Enterprise Security Risk Management:
- Oversee the formal Cyber Risk Management program, including risk identification, assessment, mitigation, and monitoring across all business functions.
- Develop and manage the risk register, tracking key risks and control effectiveness, and reporting on the overall risk landscape.
- Leading the design, implementation, and continuous maturation of the ThirdParty Risk Management (TPRM) program, reducing supply chain risk and ensuring vendor compliance with frameworks like SOC 2 and ISO 27001.
- Compliance Program Management:
- Design, implement, and continuously enhance the corporate compliance program, ensuring adherence to applicable laws, regulations (e.g., GDPR, CCPA, SOC 1, SOC 2, ISO 27001, SOX, export controls, etc.), and internal policies.
- Manage external audits, regulatory examinations, and internal compliance reviews.
- Develop and deliver company-wide training and awareness programs on compliance topics, policies, and the Code of Conduct.
- Governance and Policy Framework:
- Establish and maintain a robust framework of corporate governance, policies, and standards.
- Collaborate with legal and business stakeholders to draft, review, and disseminate GRC-related policies and procedures.
- Metrics and Reporting:
- Oversee the end-to-end metrics and reporting for the GRC program.
- Develop executive-level reporting that is clear, concise, and business-based, ensuring risk and compliance status are clearly identified and communicated to senior management.
- Cross-Functional Collaboration:
- Partner with Legal, Internal Audit, Finance, and IT Security teams to ensure consistent application of GRC principles.
- Provide expert guidance on compliance and risk considerations for new products, technologies, and market expansions.
What You Will Bring to Coupa
- Bachelor's degree in Business, Finance, Law, Information Security, or a related field.
- 10+ years of progressive experience in Governance, Risk, and Compliance, with at least 5 years in a leadership role managing enterprise-level GRC programs.
- Strong knowledge of industry compliance frameworks (e.g., SOX, ISO 27001, NIST, SOC 2, HIPAA, PCI DSS, GDPR).
- Relevant industry certifications (e.g., CGRC, CCEP, CRISC, CISA, CISSP).
- Exceptional leadership qualities, with the ability to manage teams and work cross-functionally to set priorities and address overall organizational risk.
- Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex GRC issues to both technical and non-technical audiences, including executive leadership.
Coupa Compensation & Benefits Highlights
-
Healthcare Strength — Health, dental, vision, and mental‑wellness resources for employees and dependents begin on the first day of employment. Recent updates to health‑insurance programs this year indicate active management of core coverage.
-
Leave & Time Off Breadth — Flexible Time Off, floating holidays, paid parental leave, and dedicated volunteer time off are emphasized as part of standard offerings. A global minimum vacation allowance outside the U.S. is also advertised.
-
Retirement Support — Competitive compensation is paired with retirement savings programs, including a U.S. 401(k) with company match. An Employee Stock Purchase Plan is also referenced as part of long‑term financial support.
Coupa Insights
What We Do
Coupa is a global technology company that helps businesses run smarter by connecting all the ways they spend money — from procurement and expenses to payments and supply chain decisions — in one intelligent platform. In simple terms, Coupa gives organizations the visibility and control they need to make better financial choices, reduce waste, and drive real impact. It’s where technology meets purpose: helping companies manage their resources more responsibly while creating a positive ripple across their people, partners, and the planet.
Why Work With Us
At Coupa, we prioritize an inclusive and empathetic workplace where every voice is valued. Our teams are proactive and accountable, ensuring we collaborate effectively to achieve our goals. The foundation of our culture rests on our people; we believe in fostering an environment that encourages innovation and curiosity.
Gallery
Coupa Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Our virtual-first approach is intentional. It gives you the freedom to do your best work in a space that supports focus, balance, and creativity, while staying connected to a global team of changemakers who are redefining the future of business spend


















