Description

About the Opportunity

At Contentful, we prioritize the security and privacy of our services. Our Governance, Risk, and Compliance (GRC) team supports company-wide initiatives, upholding high standards of quality to ensure continuous compliance and reduce exposure. We believe that Security and GRC are anchored in principles of repeatability, scalability, and practicality.

Who are we?

Contentful is the intelligent composable content platform that unlocks all of an organization’s digital content to deliver impactful customer experiences, making content a strategic business asset. The Contentful Platform, Contentful Studio, and the Contentful Ecosystem combine the flexibility of composable content with the intelligence of AI, empowering digital teams to drive business momentum through collaboration, speed, and scale. Contentful powers innovative content experiences across brands, regions, and channels for organizations around the world, including nearly 30% of the Fortune 500. Nearly 800 people from more than 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, Denver and distributed around the world.

We are seeking a committed and driven GRC Lead to support and enhance our GRC program through structured processes and continuous improvement. In this role, you will play a key part in maintaining compliance frameworks within Vanta, managing the risk register, and assisting with compliance monitoring efforts. You will work closely with stakeholders across the business to assess risks, conduct gap analyses, and support audit readiness activities. As an experienced internal auditor, you will bring hands-on ISO 27001 and SOC 2 expertise.

Candidates should be detail-oriented, proactive, and eager to develop within a fast-paced and evolving security environment. You will be a member of the Security Department, reporting to the Business Resilience and GRC Director, and collaborate across business functions to ensure compliance requirements are met. You will work both independently and as part of a team, contributing to the maturity of Contentful’s GRC practices.

What to expect?

Compliance Alignment:
- Support the identification, assessment, and remediation of compliance gaps across multiple frameworks.
- Assist in mapping controls across frameworks to streamline compliance efforts.
- Translate controls into actionable steps and provide implementation guidance to stakeholders.
- Support the ongoing maintenance and improvement of GRC software (Vanta), including control testing.
- Monitor compliance tasks in Vanta, track progress, and ensure timely completion of assigned actions.

GRC Maturity and Continuous Improvement:
- Support the use of compliance and industry frameworks to enhance GRC maturity at Contentful.
- Assist in identifying systemic issues, analyzing root causes, and recommending improvements.
- Track regulatory changes and support updates to maintain compliance.
- Maintain policies and procedures, recommending updates to align with best practices.
- Contribute to team initiatives and strategies to strengthen GRC programs.

Internal and External Audits:
- Support audit preparation and execution to facilitate successful outcomes.
- Conduct internal audits and gap assessments to evaluate compliance with established frameworks.
- Identify areas of non-compliance, assess control effectiveness, and recommend improvements.

Risk Management:
- Support functional teams in applying the risk management policy and embedding compliance.
- Assist in defining responsibilities and ensuring consistent risk mitigation efforts across Contentful.
- Maintain the risk register, track risk mitigation activities, and collaborate with stakeholders.
- Conduct risk assessments and gap analyses to identify areas for improvement.

GRC Committee:
- Support GRC committees by coordinating meetings, preparing materials, and documenting actions.
- Assist in tracking outcomes and following up on action items to ensure progress.

GRC Initiatives:
- Assist in preparing compliance reports, tracking key metrics, and providing cross-functional updates.
- Address compliance queries and support internal escalations as needed.
- Support stakeholders with compliance inquiries, including contributing to RFP responses.
- Participate in customer engagements to provide security and compliance information.
- Maintain internal and external GRC resources, such as the Trust Center, datasheets, and whitepapers.
- Provide training to drive education on security compliance requirements and best practices.
- Contribute to the growth and scalability of GRC practices by supporting team initiatives.

What you need to be successful?
- 4+ years of Governance, Risk, and Compliance experience.
- 3+ years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks.
- Ability to understand and manage multiple compliance frameworks and customer requirements.
- Experience conducting internal audits, risk assessments, and gap analyses with moderate oversight.
- Familiarity with maintaining ISO 27001 and SOC 2 programs, including supporting external audits.
- ISO 27001 Lead Implementer, Internal Auditor, or similar certifications (e.g., SOC 2, NIST) preferred.
- Exposure to frameworks like PCI DSS, CIS, COBIT, GDPR, NIST (CSF, 800-171, 800-53) is a plus.
- Experience working in a technical or development-focused environment.
- Experience supporting the management and execution of projects.
- Ability to translate requirements and communicate effectively with technical resources.
- Strong written and verbal communication skills.
- Ability to collaborate effectively across different business units and locations.
- Proven track record of building and nurturing relationships with stakeholders.
- Detail-oriented, with a commitment to maintaining quality and compliance.
- Ability to work independently while being an effective team player.
- Ability to work in a fast-paced environment, managing multiple tasks simultaneously.

- Join an ambitious tech company reshaping the way people build digital experiences.
- Full-time employees receive Stock Options for the opportunity to share in the success of our company.
- Comprehensive healthcare package covering 100% of monthly health premiums for employees and 85% of costs for your dependents.
- Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
- We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, sick days, compassion days for loss, education days, and volunteer days.
- Company paid parental leave.
- Use your personal annual education budget to improve your skills and grow in your career.
- Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties.
- An annual wellbeing stipend to care for your physical, financial, or emotional health.
- A monthly communication stipend and phone hardware upgrade reimbursement.
- New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

This role will need to be conducted in a state in which we are currently registered to do business.

The application deadline is 5/10/25.

Colorado Salary Statement: The salary range displayed is specifically for those potential hires who will work or reside in the state of Colorado if selected for the role. Any offered salary is determined based on internal equity, internal salary ranges, market data/ranges, applicant’s skills and prior relevant experience, certain degrees and certifications (e.g. JD/technology), for example.

Colorado Salary Range: $106,000 – $115,000 [This position is eligible for equity awards in accordance with the terms of Contentful’s equity plans.]

#LI-JE1 #LI-Hybrid

Everyone is welcome here!

is a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical [dis]ability, or length of time spent unemployed.