Develop and execute the comprehensive GRC strategy, roadmap, and framework, aligning them with the company’s business objectives, risk appetite, and regulatory obligations.
Oversee the formal Cyber Risk Management program, including risk identification, assessment, mitigation, and monitoring across all business functions.
Develop and manage the risk register, tracking key risks and control effectiveness, and reporting on the overall risk landscape.
Lead the design, implementation, and continuous maturation of the Third-Party Risk Management (TPRM) program, reducing supply chain risk and ensuring vendor compliance with frameworks like SOC 2 and ISO 27001.
Design, implement, and continuously enhance the corporate compliance program, ensuring adherence to applicable laws, regulations (e.g., GDPR, CCPA, SOC 1, SOC 2, ISO 27001, SOX, export controls, etc.), and internal policies.
Manage external audits, regulatory examinations, and internal compliance reviews.
Develop and deliver company-wide training and awareness programs on compliance topics, policies, and the Code of Conduct.
Establish and maintain a robust framework of corporate governance, policies, and standards.
Collaborate with legal and business stakeholders to draft, review, and disseminate GRC-related policies and procedures.
Oversee the end-to-end metrics and reporting for the GRC program.
Develop executive-level reporting that is clear, concise, and business-oriented, ensuring that risk and compliance status is clearly identified and communicated to senior management.
Partner with Legal, Internal Audit, Finance, and IT Security teams to ensure consistent application of GRC principles.
Provide expert guidance on compliance and risk considerations for new products, technologies, and market expansions.
Requirements
Bachelor's degree in Business, Finance, Law, Information Security, or a related field.
10+ years of progressive experience in Governance, Risk, and Compliance, with at least 5 years in a leadership role managing enterprise-level GRC programs.
Strong knowledge of industry compliance frameworks (e.g., SOX, ISO 27001, NIST, SOC 2, HIPAA, PCI DSS, GDPR).
Relevant industry certifications (e.g., CGRC, CCEP, CRISC, CISA, CISSP).
Exceptional leadership qualities, with the ability to manage teams and work cross-functionally to set priorities and address overall organizational risk.
Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex GRC issues to both technical and non-technical audiences, including executive leadership.
Benefits
Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.