Governance, Risk, and Compliance Analyst

As a GRC Analyst at Coupa, you play a crucial role in supporting the operational backbone of the enterprise risk management, third-party risk, and compliance programs. Your responsibilities include: Role Overview: The GRC Analyst at Coupa supports risk management and compliance operations by focusing on core activities such as risk metrics, dashboarding, vendor/third-party risk reviews, control and requirement inventory management, and policy lifecycle oversight. Your role is to ensure clear visibility into risk posture, compliance obligations, and remediation efforts. Key Responsibilities: - Collect, analyze, and interpret risk data from various sources including security operations, product, compliance, and audits. - Conduct risk assessments for suppliers, SaaS vendors, and third-party partners. - Manage vendor due-diligence questionnaires, review responses, SOC reports, and certifications to identify gaps. - Maintain and update Risk Dashboards, KRI/KPI Reports, and decision-support visuals. - Monitor remediation progress and support the creation of vendor scorecards and risk summaries. - Maintain control and requirement mappings, ensuring alignment with regulatory and industry frameworks. - Manage the enterprise policy inventory and version history. - Track policy review cycles, coordinate updates with cross-functional teams, and manage publication workflows. - Support control testers and auditors with accurate mapping views and evidence expectations. - Aggregate data from various systems to build metric packs. - Support administration and maintenance of GRC platforms used for risk, compliance, audit, and vendor workflows. - Identify improvements to reporting structure, data quality, and visual presentation. Qualifications Required: - 13 years of experience in risk management, GRC operations, security compliance, vendor management, or audit. - Basic understanding of security and compliance frameworks such as NIST CSF, ISO 27001/27701, SOC 2, PCI DSS, or similar. - Strong organizational, analytical, and documentation skills. - Ability to work with metrics, spreadsheets, and structured data. - Excellent communication and follow-up skills for coordinating cross-functional reviews. At Coupa, we value equal opportunity and offer an inclusive work environment. We ensure fair decision-making processes related to hiring, compensation, training, and performance evaluation. Please note that inquiries or resumes from recruiters will not be accepted. By applying to this role, you acknowledge Coupa's Privacy Policy and consent to the processing of your personal data for recruitment and employment purposes. You can find more information about data processing and retention in our Privacy Policy. Experience Level: Mid Level As a GRC Analyst at Coupa, you play a crucial role in supporting the operational backbone of the enterprise risk management, third-party risk, and compliance programs. Your responsibilities include: Role Overview: The GRC Analyst at Coupa supports risk management and compliance operations by focusing on core activities such as risk metrics, dashboarding, vendor/third-party risk reviews, control and requirement inventory management, and policy lifecycle oversight. Your role is to ensure clear visibility into risk posture, compliance obligations, and remediation efforts. Key Responsibilities: - Collect, analyze, and interpret risk data from various sources including security operations, product, compliance, and audits. - Conduct risk assessments for suppliers, SaaS vendors, and third-party partners. - Manage vendor due-diligence questionnaires, review responses, SOC reports, and certifications to identify gaps. - Maintain and update Risk Dashboards, KRI/KPI Reports, and decision-support visuals. - Monitor remediation progress and support the creation of vendor scorecards and risk summaries. - Maintain control and requirement mappings, ensuring alignment with regulatory and industry frameworks. - Manage the enterprise policy inventory and version history. - Track policy review cycles, coordinate updates with cross-functional teams, and manage publication workflows. - Support control testers and auditors with accurate mapping views and evidence expectations. - Aggregate data from various systems to build metric packs. - Support administration and maintenance of GRC platforms used for risk, compliance, audit, and vendor workflows. - Identify improvements to reporting structure, data quality, and visual presentation. Qualifications Required: - 13 years of experience in risk management, GRC operations, security compliance, vendor management, or audit. - Basic understanding of security and compliance frameworks such as NIST CSF, ISO 27001/27701, SOC 2, PCI DSS, or similar. - Strong organizational, analytical, and documentation skills. - Ability to work with metrics, spreadsheets, and structured data. - Excellent communication and follow-up skills for coordinating cross-functional reviews. At Coup