GRC Lead

2 weeks ago


Tampa, Florida, United States Contentful Full time
About the Opportunity

At Contentful, we prioritize the security and privacy of our services, and our Governance, Risk, and Compliance (GRC) team plays a critical role in supporting company-wide initiatives and upholding high standards of quality to ensure continuous compliance and exposure reduction. We believe that Security and GRC are anchored in principles of repeatability, scalability, and practicality.

Job Summary

We are seeking a highly motivated and experienced GRC Lead to enhance our GRC program through continuous improvement. As a key member of our Security Department, you will be responsible for maintaining a risk register, reviewing submissions, collaborating with stakeholders, and tracking mitigation efforts. You will also conduct risk assessments, gap analyses, and control reviews to identify deficiencies and improvements, and monitor GRC software to ensure timely and accurate completion of activities.

Key Responsibilities
  • Maintain a risk register, review submissions, collaborate with stakeholders, and track mitigation efforts.
  • Conduct risk assessments, gap analyses, and control reviews to identify deficiencies and improvements.
  • Monitor GRC software, assign actions, and ensure timely and accurate completion of activities.
  • Support customers by addressing compliance inquiries and Requests for Proposal topics.
  • Cultivate internal and external trust resources (e.g., Trust Center, whitepapers, datasheets).
  • Provide support and guidance for internal and external audits.
  • Generate and provide regular cross-functional and executive compliance reports and metrics.
  • Maintain and propose edits to policies and procedures to ensure effectiveness and compliance.
  • Maintain compliance across multiple frameworks and customer requirements.
  • Develop and maintain Security and GRC maturity models using compliance and industry frameworks.
  • Map controls across different frameworks to identify commonalities and gaps.
  • Maintain mapping to facilitate consolidation and consistency of activities across multiple obligations.
  • Drive continuous improvement across all aspects of GRC throughout the organization.
  • Identify systemic issues and collaborate on approaches to address root causes.
  • Proactively monitor regulatory and statutory changes in GRC and drive necessary changes.
  • Provide training to drive education on security compliance requirements and best practices.
  • Maintain the security and compliance awareness program and reporting.
  • Play an active role in scaling GRC practices by contributing to team roadmaps.
Requirements
  • 5+ years of Governance, Risk, and Compliance experience.
  • 3+ years focused on implementing and maintaining ISO 27001 and SOC 2 frameworks.
  • Ability to navigate complexities of multiple frameworks and customer requirements.
  • Conducted internal audits, risk assessment, and gap analysis with limited oversight.
  • Maintained and participated in ISO 27001 and SOC 2 programs, including external audits.
  • Preferred ISO 27001 credentials (e.g., ISO Lead Auditor or Lead Implementer).
  • Exposure to PCI DSS, CIS, COBIT, GDPR, NIST (CSF,,
  • Proven expertise working in a technical, development-focused environment.
  • Direct experience managing and executing complex projects.
  • Ability to translate requirements and effectively probe and communicate with technical resources.
  • Strong written and verbal communication skills.
  • Experience working across business units and geographical boundaries.
  • Ability to cultivate relationships with stakeholders.
  • Detail-oriented with a passion for maintaining quality.
  • Capable of working independently and collaboratively with large teams.
  • Ability to thrive in a fast-paced environment, often juggling multiple projects.
What's in it for you?
  • Join a dynamic tech company reshaping the way people build digital experiences.
  • Full-time employees receive Stock Options for the opportunity to share in the success of our company.
  • Comprehensive healthcare package covering 100% of monthly health premiums for employees and 85% of costs for your dependents.
  • Fertility and family building benefits, including a lifetime reimbursable wallet to support your growing family.
  • We value Work-Life balance and You Time: a generous amount of paid time off, including vacation days, sick days, compassion days for loss, education days, and volunteer days.
  • Company paid parental leave to care for and focus on your growing family.
  • Use your personal annual education budget to improve your skills and grow in your career.
  • Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties.
  • An annual wellbeing stipend to care for your physical, financial, or emotional health.
  • A monthly communication stipend and phone hardware upgrade reimbursement.
  • New hire office equipment stipend for hybrid or distributed employees. Get the gear you need to work at your best.

