Philip Cox
Details
Coupa Software
Deputy Chief Information Security Officer, Federal
Provide security leadership and vision in transition from startup to a public multi-billion dollar valued company. This transition included building a GRC program and team to manage ISO27001, PCI, SOC1/2, ITAR, HIPAA, TUV CCS, and GDPR compliance initiatives, establishing a dedicated Corporate IT security function, and transitioning the platform operations security team from an outsourced SOC to an in-house team. Provided industry thought leadership on transitioning security programs from an old-school walled-castle focus to include everywhere-connected, SaaS-backed environments. Responsibilities include building a comprehensive and robust security and compliance program that covers all aspects of Coupa Security. Working with cross-organizational stakeholders to implement a “business risk” driven security program that ensures security is a business enabler, not a blocker. Scope of role is all security aspects (program, policies, procedures, design, development, operations, etc.) of our SaaS product offering, corporate back office, and physical offices. Key goal is a defined and operating strategy and security program that is consistent with Coupa core values: Focus on Results, Ensuring Customer Success, and Striving for Excellence. All the while ensuring continued adherence to and success of Coupa's current compliance programs.
Provide leadership and oversight to the Security Operations Center, GRC (Governance, Risk and Compliance) team, Threat Management team, SecOps and SecDev teams. Work closely with, and support, corporate IT, Legal & HR, Sales, Marketing, and Engineering teams.
2015 : 2022
Coupa Software
VP, Security & Compliance
Responsible for leading all components of Digital Insight’s (an NCR Company) information security posture. The position is a 3-legged stool involving: 1. Acting in the role of the Information Security Officer, responsible for the security and protection of Digital Insight’s corporate and customer ecosystem. 2. Developing an information security program that will be seen as best of breed in the retail banking industry. 3. Designing and executing an information security consulting offering aimed at providing information security services to Digital Insight’s customers in the retail banking industry.
Effectively responsible for any and all aspects related to securing our applications and our customer’s data.
2014 : 2015
Digital Insight
Director of Security
Brought to Lubrizol to provide leadership in the move to Office 365, Azure, and AWS cloud services. Goal was to increase productivity, while decreasing overall cost, of a global manufacturing company through the use of innovative IT solutions in a secure manner. Work cross-functionally to educate, collaborate, and identify use cases that would best benefit from new technology capabilities. Implement pilot programs, then help develop transition plans as needed.
2013 : 2014
The Lubrizol Corporation
Senior Solutions Architect, Innovation & Security
Security Driver. Responsible for establishing and maintaining the strategy and program to ensure RightScale and its customer information assets are adequately protected. Be the driving force behind compliance initiatives in the engineering, operations, and corporate environments. Drive the implementation of a governance, risk, and compliance program (e.g., PCI DSS and SSAE 16 Type II) throughout the RightScale organization. Educate and advise customers on cloud security.
2011 : 2013
RightScale
Director of Security and Compliance
About
Information technology and security leader with extensive experience in all facets of information systems design, integration and security. Proven expertise in building security programs from the ground up, and developing strong teams to support those programs. Expertise in designing, implementing, and securing global and enterprise networks. Strong ability to analyze, plan, set goals, coordinate and deliver on key business level objectives. Adept in providing excellent management while prioritizing improvements that maximize immediate business focused results. Outstanding written and verbal skills from both business operations and client base perspectives. Excellent written and verbal skills; able to communicate and collaborate effectively with all levels within a company, from C-level executives to technical co-workers, and externally with clients at all levels.
Specialties: Information System Architectures; Compliance Program Development (SOC, PCI, ISO 2700X, HIPAA, FedRAMP, TUV CCS, GDPR); Risk Assessments; Virtualization Technologies; Cloud Security; Security in DevOps and Agile Environments; Application Vulnerability Testing; Network and System Penetration Testing; Security Information Event Monitoring (SIEM) design and implementation; Threat Management; Enterprise Vulnerability Management; Policies Development; Repeatable Services Delivery; Teaching/Lecturing