GRC Lead - Remote

Overview

At Contentful, we prioritize the security and privacy of our services. Our Governance, Risk, and Compliance (GRC) team supports company-wide initiatives, upholding high standards of quality to ensure continuous compliance and reduce exposure. We believe that Security and GRC are anchored in principles of repeatability, scalability, and practicality.

We are seeking a committed and driven GRC Lead to support and enhance our GRC program through structured processes and continuous improvement. In this role, you will play a key part in maintaining compliance frameworks within Vanta, managing the risk register, and assisting with compliance monitoring efforts. You will work closely with stakeholders across the business to assess risks, conduct gap analyses, and support audit readiness activities. As an experienced internal auditor, you will bring hands-on ISO 27001 and SOC 2 expertise.

Candidates should be detail-oriented, proactive, and eager to develop within a fast-paced and evolving security environment. You will be a member of the Security Department, reporting to the Business Resilience and GRC Director, and collaborate across business functions to ensure compliance requirements are met. You will work both independently and as part of a team, contributing to the maturity of Contentful’s GRC practices.

In Short

• Support the identification, assessment, and remediation of compliance gaps across multiple frameworks.
• Assist in mapping controls across frameworks to streamline compliance efforts.
• Translate controls into actionable steps and provide implementation guidance to stakeholders.
• Support the ongoing maintenance and improvement of GRC software (Vanta), including control testing.
• Monitor compliance tasks in Vanta, track progress, and ensure timely completion of assigned actions.
• Support the use of compliance and industry frameworks to enhance GRC maturity at Contentful.
• Conduct internal audits and gap assessments to evaluate compliance with established frameworks.
• Support functional teams in applying the risk management policy and embedding compliance.
• Assist in preparing compliance reports, tracking key metrics, and providing cross-functional updates.
• Provide training to drive education on security compliance requirements and best practices.

Requirements

• 4+ years of Governance, Risk, and Compliance experience.
• 3+ years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks.
• Ability to understand and manage multiple compliance frameworks and customer requirements.
• Experience conducting internal audits, risk assessments, and gap analyses with moderate oversight.
• Familiarity with maintaining ISO 27001 and SOC 2 programs, including supporting external audits.
• ISO 27001 Lead Implementer, Internal Auditor, or similar certifications (e.g., SOC 2, NIST) preferred.
• Exposure to frameworks like PCI DSS, CIS, COBIT, GDPR, NIST (CSF, 800-171, 800-53) is a plus.
• Experience working in a technical or development-focused environment.
• Strong written and verbal communication skills.
• Ability to collaborate effectively across different business units and locations.

Benefits

• Join an ambitious tech company reshaping the way people build digital experiences.
• Full-time employees receive Stock Options for the opportunity to share in the success of our company.
• Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
• A generous amount of paid time off, including vacation days, sick days, education days, compassion days for loss, and volunteer days.
• Use your personal annual education budget to improve your skills and grow in your career.
• An annual wellbeing stipend to care for your physical, financial, or emotional health.
• A monthly communication phone/internet stipend and phone hardware upgrade reimbursement.
• New hire office equipment stipend for hybrid or distributed employees.