About the opportunity

Join our Security team at Contentful as a GRC Manager, leading compliance and risk management efforts. Reporting to the Business Resilience and GRC Director, collaborate with cross-functional teams to ensure our security and resilience programs meet industry standards and regulatory requirements. We seek a dedicated GRC Manager with proven experience to develop and drive technology risk and compliance programs. If you're passionate about compliance and understand quality practices, this is the opportunity for you.

• Implement and continuously improve security and resilience compliance management systems.
• Collaborate with cross-functional stakeholders to ensure effective security controls implementation.
• Monitor the regulatory landscape and provide recommended actions for compliance.
• Support GRC roadmaps aligned with customer expectations and regulatory requirements.
• Facilitate audit programs and manage audit processes.
• Coordinate and report on remediation activities for compliance maintenance.
• Develop and manage security risk programs.
• Provide training and awareness to drive education on security compliance best practices.
• Support Business Resilience and Incident Management procedures.

What to expect?

• Provide expert implementation guidance to maintain and continuously improve the GRC program.
• Accountability for maintaining and improving ISO 27000 (Information Security), PCI DSS and TISAX.
• Assist in aligning with new standards like SOC 2 to meet strategic and customer expectations.
• Collaborate with business functions to ensure policy and procedural reviews align with requirements.
• Provide security and compliance expertise, guidance and industry insights.
• Develop and manage Contentful’s security risk program in support of enterprise methodologies.
• Track and report on organization-wide security risks to ensure timely mitigation.
• Strengthen supplier risk management with industry-aligned standards.
• Manage audit programs, including readiness assessments, internal and external audit coordination.
• Prioritize and coordinate remediation activities and ensure audit recommendations are addressed.
• Support the maintenance of policies and documented procedures to align with requirements.
• Produce routine management reports detailing compliance progress, maturity assessments, and risks.
• Enhance and maintain sales support and customer engagement for security and resilience requests.
• Provide support and deputized cover for ongoing development of the Business Resilience requirements.

What you need to be successful?

• Minimum 5 years of GRC experience, with 2 years in compliance and risk management.
• Hands-on experience in a technical environment.
• Expertise in ISO 27001 and SOC 2.
• Exposure to ISO 22301, PCI DSS, TISAX, CIS, COBIT, GRPR, and NIST.
• Experience in developing scalable risk and compliance programs.
• Strong organizational and communication skills.
• Detail-oriented with a passion for maintaining quality.
• Ability to work independently and collaboratively in a fast-paced environment.

What's in it for you?

• Join an ambitious tech company reshaping the way people build digital experiences
• Full-time employees receive Stock Options for the opportunity to share ownership and the success of our company
• We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, education days, and volunteer days
• Access to our Employee Assistance Program (EAP) for information, support, discussion, and counseling for life’s challenges
• Use your personal education budget to improve your skills and grow in your career.
• Use your physical fitness budget to get away from your desk and support your physical wellness
• Enjoy a full range of virtual and in-person events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties
• A monthly phone/internet stipend and phone upgrade reimbursement after 2 years
• New hire office equipment stipend. Get the gear you need to work at your best

#LI-Remote