GRC Lead

Posted 7 Hours Ago
London, Greater London, England
Hybrid
Mid level
Enterprise Web • Marketing Tech • Software
Content that takes you from anywhere to everywhere.
The Role
As a GRC Lead, you will enhance the Governance, Risk, and Compliance program at Contentful, ensuring compliance through ongoing framework management, audit preparedness, risk assessments, and gap analyses. Your proactive approach will support continuous improvement within the security environment, collaborating with stakeholders across the organization to uphold compliance standards and drive GRC maturity.
Summary Generated by Built In

About the Opportunity

At Contentful, we prioritize the security and privacy of our services. Our Governance, Risk, and Compliance (GRC) team supports company-wide initiatives, upholding high standards of quality to ensure continuous compliance and reduce exposure. We believe that Security and GRC are anchored in principles of repeatability, scalability, and practicality.

We are seeking a committed and driven GRC Lead to support and enhance our GRC program through structured processes and continuous improvement. In this role, you will play a key part in maintaining compliance frameworks within Vanta, managing the risk register, and assisting with compliance monitoring efforts. You will work closely with stakeholders across the business to assess risks, conduct gap analyses, and support audit readiness activities. As an experienced internal auditor, you will bring hands-on ISO 27001 and SOC 2 expertise.

Candidates should be detail-oriented, proactive, and eager to develop within a fast-paced and evolving security environment. You will be a member of the Security Department, reporting to the Business Resilience and GRC Director, and collaborate across business functions to ensure compliance requirements are met. You will work both independently and as part of a team, contributing to the maturity of Contentful’s GRC practices.

What to expect?

Compliance Alignment:

  • Support the identification, assessment, and remediation of compliance gaps across multiple frameworks.
  • Assist in mapping controls across frameworks to streamline compliance efforts.
  • Translate controls into actionable steps and provide implementation guidance to stakeholders.
  • Support the ongoing maintenance and improvement of GRC software (Vanta), including control testing.
  • Monitor compliance tasks in Vanta, track progress, and ensure timely completion of assigned actions.

GRC Maturity and Continuous Improvement:

  • Support the use of compliance and industry frameworks to enhance GRC maturity at Contentful.
  • Assist in identifying systemic issues, analyzing root causes, and recommending improvements.
  • Track regulatory changes and support updates to maintain compliance.
  • Maintain policies and procedures, recommending updates to align with best practices.
  • Contribute to team initiatives and strategies to strengthen GRC programs.

Internal and External Audits:

  • Support audit preparation and execution to facilitate successful outcomes.
  • Conduct internal audits and gap assessments to evaluate compliance with established frameworks.
  • Identify areas of non-compliance, assess control effectiveness, and recommend improvements.

Risk Management:

  • Support functional teams in applying the risk management policy and embedding compliance.
  • Assist in defining responsibilities and ensuring consistent risk mitigation efforts across Contentful.
  • Maintain the risk register, track risk mitigation activities, and collaborate with stakeholders.
  • Conduct risk assessments and gap analyses to identify areas for improvement.

GRC Committee:

  • Support GRC committees by coordinating meetings, preparing materials, and documenting actions.
  • Assist in tracking outcomes and following up on action items to ensure progress.

GRC Initiatives:

  • Assist in preparing compliance reports, tracking key metrics, and providing cross-functional updates.
  • Address compliance queries and support internal escalations as needed.
  • Support stakeholders with compliance inquiries, including contributing to RFP responses.
  • Participate in customer engagements to provide security and compliance information.
  • Maintain internal and external GRC resources, such as the Trust Center, datasheets, and whitepapers.
  • Provide training to drive education on security compliance requirements and best practices.
  • Contribute to the growth and scalability of GRC practices by supporting team initiatives.

What you need to be successful?

  • 4+ years of Governance, Risk, and Compliance experience.
  • 3+ years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks.
  • Ability to understand and manage multiple compliance frameworks and customer requirements.
  • Experience conducting internal audits, risk assessments, and gap analyses with moderate oversight.
  • Familiarity with maintaining ISO 27001 and SOC 2 programs, including supporting external audits.
  • ISO 27001 Lead Implementer, Internal Auditor, or similar certifications (e.g., SOC 2, NIST) preferred.
  • Exposure to frameworks like PCI DSS, CIS, COBIT, GDPR, NIST (CSF, 800-171, 800-53) is a plus.
  • Experience working in a technical or development-focused environment.
  • Experience supporting the management and execution of projects.
  • Ability to translate requirements and communicate effectively with technical resources.
  • Strong written and verbal communication skills.
  • Ability to collaborate effectively across different business units and locations.
  • Proven track record of building and nurturing relationships with stakeholders.
  • Detail-oriented, with a commitment to maintaining quality and compliance.
  • Ability to work independently while being an effective team player.
  • Ability to work in a fast-paced environment, managing multiple tasks simultaneously.

What's in it for you?

  • Join an ambitious tech company reshaping the way people build digital experiences
  • Full-time employees receive Stock Options for the opportunity to share in the success of our company
  • Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
  • We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, sick days, education days, compassion days for loss, and volunteer days
  • Time off to care for and focus on your growing family 
  • Use your personal annual education budget to improve your skills and grow in your career
  • Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties 
  • An annual wellbeing stipend to care for your physical, financial, or emotional health
  • A monthly communication phone/internet stipend and phone hardware upgrade reimbursement.
  • New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

Who are we?

Contentful is the intelligent composable content platform that unlocks all of an organization’s digital content to deliver impactful customer experiences, making content a strategic business asset. The Contentful Platform, Contentful Studio, and the Contentful Ecosystem combine the flexibility of composable content with the intelligence of AI, empowering digital teams to drive business momentum through collaboration, speed, and scale. Contentful powers innovative content experiences across brands, regions, and channels for organizations around the world, including nearly 30% of the Fortune 500. Nearly 800 people from more than 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, Denver and distributed around the world.

Everyone is welcome here!

“Everyone is welcome here” is a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical [dis]ability, or length of time spent unemployed. We invite you to apply and join us!

If you need reasonable accommodations at any point during the application or interview process, please let your recruiting coordinator know.

Please be aware of scammers who may fraudulently allege to be from Contentful. These types of fraud can be carried out through copycat websites, fake email addresses claiming to be from our company, or social media. We do not ask for your personal information, such as bank account numbers, identification numbers, etc., through social media or chat-based apps, nor do we request or send money for the purchase of business equipment. If you suspect fraud, please report it to your local authorities, as well as reaching out to us at [email protected] with any information you may have.

By clicking “Apply for this job,” I acknowledge that I have read the “Contentful’s Candidate Privacy Notice”, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.

Top Skills

ISO 27001
SOC 2

The Company
HQ: Berlin
744 Employees
Hybrid Workplace
Year Founded: 2013

What We Do

Contentful is a leading composable content platform that unlocks all of an organization’s digital content to deliver impactful customer experiences, making content a strategic business asset. The Contentful Platform, Contentful Studio, Ninetailed by Contentful and the Contentful Ecosystem combine the flexibility of composable content with the intelligence of AI, empowering digital teams to drive business momentum through collaboration, speed, and scale. Contentful powers innovative content experiences across brands, regions, and channels for organizations of all sizes around the world, including nearly 30% of the Fortune 500.

Why Work With Us

Nearly 800 people from more than 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, Denver and distributed around the world.

Contentful Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Flexible
HQ: Berlin, DE
Denver, CO
San Francisco, CA
