GRC Lead

Contentful
Summary
Join Contentful's Governance, Risk, and Compliance (GRC) team as a GRC Lead. You will support and enhance the GRC program through structured processes and continuous improvement, maintaining compliance frameworks within Vanta and managing the risk register. Responsibilities include compliance alignment, GRC maturity improvements, supporting internal and external audits, risk management, and GRC committee support. You will work with stakeholders across the business to assess risks, conduct gap analyses, and support audit readiness activities. The ideal candidate possesses 4+ years of GRC experience, 3+ years with ISO 27001 and SOC 2 frameworks, and relevant certifications. Contentful offers competitive benefits, including stock options, family building benefits, generous paid time off, education budget, wellbeing stipend, and more.
Requirements
- 4+ years of Governance, Risk, and Compliance experience
- 3+ years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks
- Ability to understand and manage multiple compliance frameworks and customer requirements
- Experience conducting internal audits, risk assessments, and gap analyses with moderate oversight
- Familiarity with maintaining ISO 27001 and SOC 2 programs, including supporting external audits
- Strong written and verbal communication skills
- Ability to collaborate effectively across different business units and locations
- Proven track record of building and nurturing relationships with stakeholders
- Detail-oriented, with a commitment to maintaining quality and compliance
- Ability to work independently while being an effective team player
- Ability to work in a fast-paced environment, managing multiple tasks simultaneously
Responsibilities
- Support the identification, assessment, and remediation of compliance gaps across multiple frameworks
- Assist in mapping controls across frameworks to streamline compliance efforts
- Translate controls into actionable steps and provide implementation guidance to stakeholders
- Support the ongoing maintenance and improvement of GRC software (Vanta), including control testing
- Monitor compliance tasks in Vanta, track progress, and ensure timely completion of assigned actions
- Support the use of compliance and industry frameworks to enhance GRC maturity at Contentful
- Assist in identifying systemic issues, analyzing root causes, and recommending improvements
- Track regulatory changes and support updates to maintain compliance
- Maintain policies and procedures, recommending updates to align with best practices
- Contribute to team initiatives and strategies to strengthen GRC programs
- Support audit preparation and execution to facilitate successful outcomes
- Conduct internal audits and gap assessments to evaluate compliance with established frameworks
- Identify areas of non-compliance, assess control effectiveness, and recommend improvements
- Support functional teams in applying the risk management policy and embedding compliance
- Assist in defining responsibilities and ensuring consistent risk mitigation efforts across Contentful
- Maintain the risk register, track risk mitigation activities, and collaborate with stakeholders
- Conduct risk assessments and gap analyses to identify areas for improvement
- Support GRC committees by coordinating meetings, preparing materials, and documenting actions
- Assist in tracking outcomes and following up on action items to ensure progress
- Assist in preparing compliance reports, tracking key metrics, and providing cross-functional updates
- Address compliance queries and support internal escalations as needed
- Support stakeholders with compliance inquiries, including contributing to RFP responses
- Participate in customer engagements to provide security and compliance information
- Maintain internal and external GRC resources, such as the Trust Center, datasheets, and whitepapers
- Provide training to drive education on security compliance requirements and best practices
- Contribute to the growth and scalability of GRC practices by supporting team initiatives
Preferred Qualifications
- ISO 27001 Lead Implementer, ISO 27001 Internal Auditor, or similar certifications (e.g., SOC 2, NIST)
- Exposure to frameworks like PCI DSS, CIS, COBIT, GDPR, NIST (CSF, 800-171, 800-53) is a plus
- Experience working in a technical or development-focused environment
- Experience supporting the management and execution of projects
- Ability to translate requirements and communicate effectively with technical resources
Benefits
- Full-time employees receive Stock Options for the opportunity to share in the success of our company
- Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family
- A generous amount of paid time off, including vacation days, sick days, education days, compassion days for loss, and volunteer days
- Time off to care for and focus on your growing family
- Use your personal annual education budget to improve your skills and grow in your career
- Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties
- An annual wellbeing stipend to care for your physical, financial, or emotional health
- A monthly phone/internet communication stipend and phone hardware upgrade reimbursement
- New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best