About the Opportunity

Contentful prioritized the security and privacy of our services. Our Governance, Risk, and Compliance (GRC) team supports company-wide initiatives and upholds high standards of quality to ensure continuous compliance and exposure reduction. We believe that Security and GRC are anchored in principles of repeatability, scalability, and practicality.

We are seeking a committed and driven GRC Lead to enhance our GRC program through continuous improvement. You will have daily operational responsibilities, such as maintaining a risk register and compliance monitoring solutions, but you will also be empowered to proactively drive change and shape the growth of our program. You will be expected to be an experienced internal auditor with hands-on ISO 27001 and SOC 2 experience.

Candidates should thrive in a fast-paced and dynamic environment, with proven expertise in balancing experience, continuous learning, and practical application to solve problems. You will be a member of the Security Department, reporting to the Business Resilience and GRC Director, and engaging collaboratively across all business functions. You will work independently, as part of a team, and in partnership with stakeholders throughout the organization to ensure risk and compliance obligations and improvements are met.

What to Expect

• Maintain a risk register, review submissions, collaborate with stakeholders, and track mitigation efforts.
• Conduct risk assessments, gap analyses, and control reviews to identify deficiencies and improvements.
• Monitor GRC software, assign actions, and ensure timely and accurate completion of activities.
• Support customers by addressing compliance inquiries and Requests for Proposal topics.
• Cultivate internal and external trust resources (e.g., Trust Center, whitepapers, datasheets).
• Provide support and guidance for internal and external audits.
• Generate and provide regular cross functional and executive compliance reports and metrics.
• Maintain and propose edits to policies and procedures to ensure effectiveness and compliance.
• Maintain compliance across multiple frameworks and customer requirements.
• Develop and maintain Security and GRC maturity models using compliance and industry frameworks.
• Map controls across different frameworks to identify commonalities and gaps.
• Maintain mapping to facilitate consolidation and consistency of activities across multiple obligations.
• Drive continuous improvement across all aspects of GRC throughout the organization.
• Identify systemic issues and collaborate on approaches to address root causes.
• Proactively monitor regulatory and statutory changes in GRC and drive necessary changes.
• Provide training to drive education on security compliance requirements and best practices.
• Maintain the security and compliance awareness program and reporting.
• Play an active role in scaling GRC practices by contributing to team roadmaps.

What do you need to be Successful?

• 5 years of Governance, Risk, and Compliance experience.
• 3 years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks.
• Ability to navigate complexities of multiple frameworks and customer requirements.
• Conducted internal audits, risk assessment, and gap analysis with limited oversight.
• Maintained and participated in ISO 27001 and SOC 2 programs, including external audits.
• Preferred ISO 27001 credentials (e.g., ISO Lead Auditor or Lead Implementer.)
• Exposure to PCI DSS, CIS, COBIT, GRPR, NIST (CSF, 800-171, 800-53.)
• Proven expertise working in a technical, development focused environment.
• Direct experience managing and executing complex projects.
• Ability to translate requirements and effectively probe and communicate with technical resources.
• Strong written and verbal communication skills.
• Experience working across business units and geographical boundaries.
• Ability to cultivate relationships with stakeholders.
• Detail-oriented with a passion for maintaining quality.
• Capable of working independently and collaboratively with large teams.
• Ability to thrive in a fast-paced environment, often juggling multiple projects.

What's in it for you?

• Join an ambitious tech company reshaping the way people build digital experiences
• Full-time employees receive Stock Options for the opportunity to share in the success of our company
• Comprehensive healthcare package covering 100% of monthly health premiums for employees and 85% of costs for your dependents. 
• Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
• We value Work-Life balance and You Time!A generous amount of paid time off, including vacation days, sick days, compassion days for loss, education days, and volunteer days
• Company paid parental leave to care for and focus on your growing family 
• Use your personal annual education budget to improve your skills and grow in your career
• Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties 
• An annual wellbeing stipend to care for your physical, financial, or emotional health
• A monthly communication stipend and phone hardware upgrade reimbursement.
• New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

This role will need to be conducted in a state in which we are currently registered to do business.