Governance, Risk and Compliance Manager (f/m/d)
About the Opportunity
Contentful strives to build a secure and safe service and commits considerable effort and resources to security and resilience. Our Security team supports corporate-wide Information Security management programs and collaborates closely with internal teams.
We are looking for a GRC Manager with experience developing, maturing, and running technology risk and compliance programs. You will report directly to the Business Resilience Director and work cross-functionally with all Contentful business units. You are expected to be passionate about solving difficult problems and finding innovative solutions with a strong emphasis on long-term growth and scalability.
You will be expected to work independently, work as a part of a team, and partner with stakeholders throughout the organization to develop and maintain a risk management framework and build and manage our cybersecurity and resilience compliance strategy.
What to Expect
- Develop and manage Contentful’s technology risk program in support of enterprise methodologies.
- Proactively identify, report, and catalog risks in existing and new technology solutions.
- Lead efforts triaging, analyzing, classifying, and developing treatment plans with stakeholders.
- Track and report on organization-wide technology risk to ensure timely mitigation.
- Improve and maintain a program to facilitate customer and prospect cybersecurity requests.
- Define roadmaps in line with customer expectations, legal requirements, and commensurate with the global cybersecurity threat landscape.
- Implement and drive a cohesive cybersecurity controls program across multiple frameworks including ISO 27001 (Information Security), NIST Cybersecurity Framework, and NIST 800-53 (Security and Privacy Controls).
- Maintain policies, procedures, and standards in line with current and emerging requirements.
- Enhance and streamline third-party supplier assessments, ensuring cybersecurity involvement, cataloging and tracking of risks, and monitoring for changes.
- Stay abreast of international laws and regulations to proactively identify gaps.
What do you need to be successful?
- At least five years of GRC experience (with a minimum of two relating to compliance activities and minimum of two relating to risk management)
- Practical hands-on experience working within a technical environment, with direct engagement with information security and technology engineering teams.
- Expertise in ISO 27001, SOX, NIST (CSF, 800-171, and 800-53) and SANS Top 20 Controls.
- Practical experience developing scalable and robust risk and compliance programs.
- Experience collaborating with cross-functional teams to develop and track risk mitigation efforts.
- Experience owning Information Security gap analysis against compliance standards.
- Experience supporting and facilitating audit preparedness activities.
- Experience implementing processes to facilitate customer security inquiries.
- Strong organizational and communication skills to cultivate relationships with stakeholders.
- Experience working across business units and geographical boundaries to engage cross-functional teams.
- Proactive with strong ownership, analytical, and problem-solving skills.
- Passion for creating, implementing, and maintaining programs.
- Capable of working independently and collaboratively with large teams.
- Ability to work in a fast-paced environment, often juggling multiple projects.
What's in it for you?
- Join an ambitious tech company reshaping the way people build digital experiences
- Full-time employees receive Stock Options for the opportunity to share ownership and the success of our company
- We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, education days, and volunteer days
- Access to our Employee Assistance Program (EAP) for information, support, discussion, and counseling for life’s challenges
- Use your personal education budget to improve your skills and grow in your career. Join a free German class or one of our many internal learning initiatives!
- Use your physical fitness budget to get away from your desk and support your physical wellness
- Enjoy a full range of virtual events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties
- A monthly phone/internet stipend and phone upgrade reimbursement after 2 years
- Plus, Contentful socks! And other amazing swag as part of company events. Oh yeah!
To view more career opportunities, visit https://www.contentful.com/careers/
Contentful is the leading content platform that powers digital experiences for over 30% of the Fortune 500 companies and thousands of global brands. Our platform unifies content in a single hub, structures it for use in any digital channel and integrates seamlessly with hundreds of tools through open APIs. It lets developers and content creators work in parallel, increasing team efficiency and happiness. Companies such as Shopify, Staples, Atlassian, Electronic Arts, Chanel, Roche, Vodafone use Contentful to build their mobile and web products, voice-controlled apps and more.
We’re growing rapidly and we have secured over $330 million in funding from top-tier partners such as Tiger Global, Sapphire Ventures, Salesforce Ventures, General Catalyst and Benchmark.
More than 750 people from 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, San Francisco, Denver and distributed around the world.
Everyone is welcome here!
“Everyone is welcome here” is a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical [dis]ability, or length of time spent unemployed. We invite you to apply and join us!
If you need reasonable accommodations at any point during the application or interview process, please let your recruiting coordinator know.
Please be aware of scammers who may fraudulently allege to be from Contentful. These types of fraud can be carried out through copycat websites, fake email addresses claiming to be from our company, or social media. We do not ask for your personal information such as bank account numbers, identification numbers, etc., through social media or chat-based apps, nor do we request or send money for the purchase of business equipment. If you suspect fraud, please report it to your local authorities, as well as reaching out to us at [email protected] with any information you may have.
By clicking “Apply for this job,” I acknowledge that I have read the “Contentful’s Candidate Privacy Notice”, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.