Security & Compliance Analyst

Slovakia, Czech Republic, United Kingdom, Netherlands or Germany

Bloomreach

Bloomreach personalizes the ecommerce experience. With real-time data and AI, you can connect every customer with what they want to see. Be limitless.


Bloomreach is the world’s #1 Commerce Experience Cloud, empowering brands to deliver customer journeys so personalized, they feel like magic. It offers a suite of products that drive true personalization and digital commerce growth, including:

  • Discovery, offering AI-driven search and merchandising
  • Content, offering a headless CMS
  • Engagement, offering a leading CDP and marketing automation solutions

Together, these solutions combine the power of unified customer and product data with the speed and scale of AI-optimization, enabling revenue-driving digital commerce experiences that convert on any channel and every journey. Bloomreach serves over 850 global brands including Albertsons, Bosch, Puma, FC Bayern München, and Marks & Spencer. Bloomreach recently raised $175 million in a Series F funding round, bringing its total valuation to $2.2 billion. The investment was led by Goldman Sachs Asset Management with participation from Bain Capital Ventures and Sixth Street Growth. For more information, visit Bloomreach.com.

 

Become a Security & Compliance Analyst for Bloomreach! You will be an essential member of our Governance, Risk, and Compliance team, helping the organization build and solidify the trust of our customers (both current and future!) by implementing and assessing controls in line with industry standard frameworks (SOC 2/ISO 27001). Our company provides the best digital experience for the top international e-commerce companies. Your work will impact hundreds of millions of consumers in the online space. You will work in one of our European offices or from home (based in EU) on a full-time basis, and be part of the GIST (Global Information Security & Technology) group. The salary starts at 3 500 EUR Gross monthly (Slovakia).

Your job will be to:

  • Perform internal assessments to assess the Bloomreach control environment against SOC 2 and ISO 27001 frameworks, including control testing and documentation of findings.
  • Act as a liaison between external auditors and internal stakeholders and lead external SOC 2 and ISO 27001 assessments.
  • Work collaboratively with GRC team members and stakeholders across the organization to remediate gaps, including advising on control design and operating effectiveness testing to ensure remediation.
  • Assist in compiling metrics and reports for status reporting on priority GRC initiatives.
  • Assist teams across the organization (Sales, Customer Success, etc.) with ad hoc requests related to security questionnaires.

What we expect of the candidate:

  • 3+ years of experience in an IT audit, compliance, or risk management role
  • Must have experience with executing, documenting, and reporting controls testing in line with industry frameworks (SOC 1, SOC 2, ISO 27001, Sarbanes-Oxley) 
  • Ability to communicate control requirements and “the why” behind compliance initiatives to stakeholders 
  • Experience performing control readiness assessments strongly preferred
  • Professional certification (CISA/CIA/CISSP) preferred but not required
  • Experience working in a fast-paced, growing company is a plus
  • Familiarity with cloud technologies (GCP, AWS) preferred   


Excited? Join us and transform the future of commerce experiences.

More things you'll like about Bloomreach:

Culture:

  • A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one. 

  • We have defined our 5 values and the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication. 

  • We believe in flexible working hours to accommodate your working style.

  • We work remote-first with several Bloomreach Hubs available across three continents.

  • We organize company to experience the global spirit of the company and get excited about what's ahead.

  • We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*.
  • The Bloomreach Glassdoor page elaborates on our stellar 4.6/5 rating. The Bloomreach Comparably page Culture score is even higher at 4.9/5.

Personal Development:

  • We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions.

  • Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges.*
  • Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins.

  • Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)*

Well-being:

  • The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.*

  • Subscription to Calm - sleep and meditation app.*

  • We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones.

  • We facilitate sports, yoga, and meditation opportunities for each other.

Compensation:

  • Stock options are granted depending on a team member’s role, seniority, and location.*

  • Everyone gets to participate in the company's success through the company performance bonus.*

  • We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts.

  • We celebrate work anniversaries -- Bloomversaries!*

 

*Subject to employment type. Interns are exempt from marked benefits for the first 6 months.

 

If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful!

 

 

Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.


Tags: Audits Automation AWS CIA CISA CISSP Cloud Compliance E-commerce GCP Governance ISO 27001 Risk management SOC SOC 1 SOC 2

Perks/benefits: Career development Equity Flex hours Flex vacation Salary bonus Yoga

Regions: Remote/Anywhere Europe