Governance, Risk and Compliance Manager (f/m/d)
Contentful, Berlin, Berlin, Germany
Contentful: a developer-friendly, API first CMS
About the Opportunity
Contentful strives to build a secure and safe service and commits considerable effort and resources to security and resilience. Our Security team supports corporate-wide information security management programs and collaborates closely with internal teams.
We are looking for a GRC Manager with experience developing, maturing, and running technology risk and compliance programs. You will report directly to the Business Resilience Director and work cross-functionally with all Contentful business units. You are expected to be passionate about solving difficult problems and finding innovative solutions with a strong emphasis on long-term growth and scalability.
You will be expected to work independently, work as a part of a team, and partner with stakeholders throughout the organization to develop and maintain a risk management framework and build and manage our cybersecurity and resilience compliance strategy.
What to Expect
- Develop and manage Contentful’s technology risk program in support of enterprise methodologies
- Proactively identify, report, and catalog risks in existing and new technology solutions
- Lead efforts triaging, analyzing, classifying, and developing treatment plans with stakeholders
- Track organization-wide technology risk to ensure timely mitigation
- Curate, maintain, and run a program to facilitate responses to customer cybersecurity requests, questionnaires, audits, and RFP responses.
- Define a compliance roadmap in line with customer expectations and legal requirements, and commensurate with the global cybersecurity threat landscape
- Implement and drive a cohesive cybersecurity controls program across multiple frameworks including ISO 27001, NIST CSF, and NIST 800-53.
- Maintain policies, procedures, and standards in line with current and emerging requirements
- Enhance and streamline third-party supplier assessments, ensuring cybersecurity involvement, cataloging and tracking of risks, and monitoring for changes.
- Stay abreast of international laws and regulations to proactively identify gaps
What do you need to be successful?
- At least 5 years' experience in risk management, with demonstrable practical experience developing scalable and robust risk and compliance programs
- At least 3 years of experience in governance and compliance
- Experience in designing and implementing processes for working with sales teams to answer customer security questions
- Expertise in ISO 27001, SOX, NIST (CSF, 800-171, and 800-53) and SANS Top 20 Controls
- Strong organizational and communication skills to cultivate relationships with stakeholders
- Experience working across business units and geographical boundaries to engage team members
- Proactive with strong ownership, analytical, and problem-solving skills
- Passion for creating, implementing, and maintaining programs
- Capable of working independently and collaboratively with large teams
- Ability to work in a fast-paced environment, often juggling multiple projects
What's in it for you?
- Join an ambitious tech company reshaping the way people build digital experiences
- Full-time employees receive Stock Options for the opportunity to share ownership and the success of our company
- We value Work-Life balance and You Time! A generous amount of paid time off, including vacation days, education days, and volunteer days
- Access to our Employee Assistance Program (EAP) for information, support, discussion, and counseling for life’s challenges
- Use your personal education budget to improve your skills and grow in your career. Join a free German class or one of our many internal learning initiatives!
- Use your physical fitness budget to get away from your desk and support your physical wellness
- Enjoy a full range of virtual events, including workshops, guest speakers, and fun team activities, supporting learning and networking exchange beyond the usual work duties
- A monthly phone/internet stipend and phone upgrade reimbursement after 2 years
- Plus, Contentful socks! And other amazing swag as part of company events. Oh yeah!
To view more career opportunities, visit https://www.contentful.com/careers/
Who are we?
Contentful is the leading content platform that powers digital experiences for over 30% of the Fortune 500 companies and thousands of global brands. Our platform unifies content in a single hub, structures it for use in any digital channel and integrates seamlessly with hundreds of tools through open APIs. It lets developers and content creators work in parallel, increasing team efficiency and happiness. Companies such as Shopify, Staples, Atlassian, Electronic Arts, Chanel, Roche, and Vodafone use Contentful to build their mobile and web products, voice-controlled apps and more.
We’re growing rapidly and we have secured over $330 million in funding from top-tier partners such as Tiger Global, Sapphire Ventures, Salesforce Ventures, General Catalyst and Benchmark.
More than 750 people from 70 nations contribute their energy and creativity to Contentful, working from hubs in Berlin, San Francisco, Denver and distributed around the world.
Everyone is welcome here!
“Everyone is welcome here” is a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical [dis]ability, or length of time spent unemployed. We invite you to apply and join us!
If you need reasonable accommodations at any point during the application or interview process, please let your recruiting coordinator know.
Please be aware of scammers who may fraudulently allege to be from Contentful. These types of fraud can be carried out through copycat websites, fake email addresses claiming to be from our company, or social media. We do not ask for your personal information such as bank account numbers, identification numbers, etc. through social media or chat-based apps, nor do we request or send money for the purchase of business equipment. If you suspect fraud, please report it to your local authorities, as well as reaching out to us at [email protected] with any information you may have.
By clicking “Apply for this job,” I acknowledge that I have read the “Contentful’s Candidate Privacy Notice”, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.
Contentful (https://www.contentful.com) is a content management developer platform that enables web and mobile developers to manage, integrate, and deliver digital content to any kind of device or service that can connect to an API - be it smart cars, VR, mobile, web, digital signage, or any new platform. We solve the complexities of content management for tens of thousands of web and mobile developers, some independent and many working at enterprise customers that include Jack-in-the-box, Petsmart, Specialized, Fidelity Investments, and Urban Outfitters.