GRC Lead

At Contentful we prioritize the security and privacy of our services. Our Governance Risk and Compliance (GRC) team supports companywide initiatives upholding high standards of quality to ensure continuous compliance and reduce exposure. We believe that Security and GRC are anchored in principles of repeatability scalability and practicality.

We are seeking a committed and driven GRC Lead to support and enhance our GRC program through structured processes and continuous improvement. In this role you will play a key part in maintaining compliance frameworks within Vanta managing the risk register and assisting with compliance monitoring efforts. You will work closely with stakeholders across the business to assess risks conduct gap analyses and support audit readiness activities. As an experienced internal auditor you will bring handson ISO 27001 and SOC 2 expertise.

Candidates should be detailoriented proactive and eager to develop within a fastpaced and evolving security environment. You will be a member of the Security Department reporting to the Business Resilience and GRC Director and collaborate across business functions to ensure compliance requirements are met. You will work both independently and as part of a team contributing to the maturity of Contentfuls GRC practices.

Compliance Alignment:

• Support the identification assessment and remediation of compliance gaps across multiple frameworks.
• Assist in mapping controls across frameworks to streamline compliance efforts.
• Translate controls into actionable steps and provide implementation guidance to stakeholders.
• Support the ongoing maintenance and improvement of GRC software (Vanta) including control testing.
• Monitor compliance tasks in Vanta track progress and ensure timely completion of assigned actions.

GRC Maturity and Continuous improvement:

• Support the use of compliance and industry frameworks to enhance GRC maturity at Contentful.
• Assist in identifying systemic issues analyzing root causes and recommending improvements.
• Track regulatory changes and support updates to maintain compliance.
• Maintain policies and procedures recommending updates to align with best practices.
• Contribute to team initiatives and strategies to strengthen GRC programs.

Internal and External Audits:

• Support audit preparation and to facilitate successful outcomes.
• Conduct internal audits and gap assessments to evaluate compliance with established frameworks.
• Identify areas of noncompliance assess control effectiveness and recommend improvements.

Risk Management:

• Support functional teams in applying the risk management policy and embedding compliance.
• Assist in defining responsibilities and ensuring consistent risk mitigation efforts across Contentful.
• Maintain the risk register track risk mitigation activities and collaborate with stakeholders.
• Conduct risk assessments and gap analyses to identify areas for improvement.

GRC Committee:

• Support GRC committees by coordinating meetings preparing materials and documenting actions.
• Assist in tracking outcomes and following up on action items to ensure progress.

GRC Initiatives:

• Assist in preparing compliance reports tracking key metrics and providing crossfunctional updates.
• Address compliance queries and support internal escalations as needed.
• Support stakeholders with compliance inquiries including contributing to RFP responses.
• Participate in customer engagements to provide security and compliance information.
• Maintain internal and external GRC resources such as the Trust Center datasheets and whitepapers.
• Provide training to drive education on security compliance requirements and best practices.
• Contribute to the growth and scalability of GRC practices by supporting team initiatives.

• 4 years of Governance Risk and Compliance experience.
• 3 years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks.
• Ability to understand and manage multiple compliance frameworks and customer requirements.
• Experience conducting internal audits risk assessments and gap analyses with moderate oversight.
• Familiarity with maintaining ISO 27001 and SOC 2 programs including supporting external audits.
• ISO 27001 Lead Implementer Internal Auditor or similar certifications (e.g. SOC 2 NIST) preferred.
• Exposure to frameworks like PCI DSS CIS COBIT GDPR NIST (CSF 3 is a plus.
• Experience working in a technical or developmentfocused environment.
• Experience supporting the management and of projects.
• Ability to translate requirements and communicate effectively with technical resources.
• Strong written and verbal communication skills.
• Ability to collaborate effectively across different business units and locations.
• Proven track record of building and nurturing relationships with stakeholders.
• Detailoriented with a commitment to maintaining quality and compliance.
• Ability to work independently while being an effective team player.
• Ability to work in a fastpaced environment managing multiple tasks simultaneously.

• Join an ambitious tech company reshaping the way people build digital experiences
• Fulltime employees receive Stock Options for the opportunity to share in the success of our company
• Fertility and family building benefits including a lifetime reimbursable wallet to support your growing family.
• We value WorkLife balance and You Time! A generous amount of paid time off including vacation days sick days  education days compassion days for loss and volunteer days
• Use your personal annual education budget to improve your skills and grow in your career
• Enjoy a full range of virtual and inperson events including workshops guest speakers and fun team activities supporting learning and networking exchange beyond the usual work duties 
• An annual wellbeing stipend to care for your physical financial or emotional health
• A monthly communication phone/internet stipend and phone hardware upgrade reimbursement.
• New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

#LIJE1 #LIHybrid