GRC Analyst - 11125
Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.
Why join Coupa?
• Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
• Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
• Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.
Learn more on the Life at Coupa blog and hear from our employees about their experiences working at Coupa.
The Impact of a GRC Analyst at Coupa:
The GRC Analyst supports the operational backbone of Coupa's enterprise risk management, third-party risk, and compliance programs. This critical role focuses on core activities across risk metrics, dashboarding, vendor/third-party risk reviews, control and requirement inventory management, and policy lifecycle oversight. The analyst ensures the organization maintains clear visibility into risk posture, compliance obligations, and remediation efforts.
This is an ideal role for an analytical, detail-oriented professional motivated to grow in the GRC field, comfortable working with structured data, and capable of managing both risk and compliance operational tasks.
What You'll Do:
- Risk Management & Reporting - 40%
  - Collect, analyze, and interpret risk data from multiple sources (security operations, product, compliance, audits).
  - Conduct onboarding and periodic risk assessments for suppliers, SaaS vendors, and key third-party partners.
  - Send and track vendor due-diligence questionnaires, review responses, SOC reports, and certifications to identify gaps.
  - Maintain and update quarterly Risk Dashboards, KRI/KPI Reports, and decision-support visuals.
  - Monitor remediation progress across risk owners and functional teams.
  - Support creation of vendor scorecards, risk summaries, and executive-ready reporting.
- Compliance Operations & Governance - 40%
  - Maintain the single source of truth for control and requirement mappings, ensuring alignment with regulatory and industry frameworks (ISO 27001/27701, SOC 2, NIST CSF, PCI DSS, etc.).
  - Perform periodic inventory housekeeping (archiving, gap cleanup) and ensure control owners are assigned and accountable.
  - Maintain the enterprise policy inventory and version history.
  - Track policy and standard review cycles, coordinate updates with cross-functional teams (Security, Privacy, Legal, HR, IT), and manage publication/acknowledgment workflows.
  - Prepare baseline compliance reports and dashboards for management review.
  - Support control testers and auditors with accurate mapping views and evidence expectations.
- GRC Tool Administration & Data Operations - 20%
  - Aggregate data from GRC tools, Jira, spreadsheets, and other systems to build metric packs.
  - Support administration and maintenance of GRC platforms used for risk, compliance, audit, and vendor workflows.
  - Update records, maintain integrations, monitor workflow health, and troubleshoot issues.
  - Help operationalize new modules, automations, and reporting capabilities.
  - Identify improvements to reporting structure, data quality, and visual presentation.
- Typical Day-to-Day Tasks
  - Update control mappings across compliance frameworks and ensure alignment with policies.
  - Pull vendor risk data and send out assessment questionnaires; review third-party documents (SOC reports, pen tests).
  - Run weekly owner review notifications for controls and follow-up tasks.
  - Update risk dashboards, KRI datasets, and compliance posture reports.
  - Track policy review timelines and coordinate with content owners.
  - Aggregate data across sources to prepare weekly or monthly GRC metrics.
  - Update workflows and records in GRC tools; troubleshoot platform issues.
What You Will Bring to Coupa:
- 1-3 years of experience in risk management, GRC operations, security compliance, vendor management, or audit.
- Basic understanding of security and compliance frameworks (NIST CSF, ISO 27001/27701, SOC 2, PCI DSS, or similar).
- Strong organizational, analytical, and documentation skills; comfortable working with metrics, spreadsheets, and structured data.
- Ability to review and map detailed compliance requirements logically to controls.
- Ability to interpret vendor documentation and identify red flags or gaps.
- Excellent communication and follow-up skills for coordinating cross-functional reviews.
Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.

Please be advised that inquiries or resumes from recruiters will not be accepted.
By submitting your application, you acknowledge that you have read Coupa's Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.
Perks and Benefits
Health and Wellness
- Health Insurance
- Vision Insurance
- Life Insurance
- Dental Insurance
- FSA With Employer Contribution
- HSA With Employer Contribution
- FSA
- HSA
- Mental Health Benefits
- Virtual Fitness Classes
- Short-Term Disability
- Health Reimbursement Account
Parental Benefits
- Non-Birth Parent or Paternity Leave
- Birth Parent or Maternity Leave
- Adoption Leave
- Fertility Benefits
- Family Support Resources
Work Flexibility
- Remote Work Opportunities
- Hybrid Work Opportunities
Office Life and Perks
- Casual Dress
- Snacks
- Some Meals Provided
- Happy Hours
- Company Outings
- Holiday Events
Vacation and Time Off
- Personal/Sick Days
- Volunteer Time Off
- Paid Vacation
- Paid Holidays
- Unlimited Paid Time Off
Financial and Retirement
- 401(K) With Company Matching
- Pension
- Performance Bonus
Professional Development
- Leadership Training Program
- Mentor Program
- Access to Online Courses
- Lunch and Learns
- Promote From Within
Diversity and Inclusion
- Employee Resource Groups (ERG)
- Unconscious Bias Training
- Diversity, Equity, and Inclusion Program