Governance, Risk and Compliance Analyst

Bloomreach is the world’s #1 Commerce Experience Cloud, empowering brands to deliver customer journeys so personalized, they feel like magic. It offers a suite of products that drive true personalization and digital commerce growth, including:

• Discovery, offering AI-driven search and merchandising
• Content, offering a headless CMS
• Engagement, offering a leading CDP and marketing automation solutions

Together, these solutions combine the power of unified customer and product data with the speed and scale of AI-optimization, enabling revenue-driving digital commerce experiences that convert on any channel and every journey. Bloomreach serves over 850 global brands including Albertsons, Bosch, Puma, FC Bayern München, and Marks & Spencer. Bloomreach recently raised $175 million in a Series F funding round, bringing its total valuation to $2.2 billion. The investment was led by Goldman Sachs Asset Management with participation from Bain Capital Ventures and Sixth Street Growth. For more information, visit Bloomreach.com.

Become a Governance, Risk, and Compliance Analyst for Bloomreach!. The work you do will impact many customers in dozens of different verticals in the e-commerce space. Your work will impact hundreds of millions of customers in the online space. You will be working in one of our Central European offices (Slovakia, Czech republic) or from home (based in EU) on a full-time basis and you´ll become a core part of the Governance, Risk, and Compliance (GRC) Team. The starting salary for Slovakia is € 2 500 monthly along with stock options and other benefits.

Your job will be to:

• You will work collaboratively with GRC team members and stakeholders in internal information security and risk assessments to support the Bloomreach internal control environment against SOC 2, ISO, and other related information systems security and control frameworks, including control testing and documentation of findings 
• Work collaboratively with GRC team members and stakeholders for external auditors and internal stakeholders to manage projects security reviews, risk and compliance, and other assessments
• Manage and support GRC compliance tools including the department’s project management tools.  
• Own Bloomreach’s policy management program, including defining the process by which policies are created and reviewed
• Maintain Bloomreach’s policy register, and work with teams across the organization to ensure policies exist to address regulatory and operational requirements
• Be responsible for the company wide information security related initiatives, such as annual policy acknowledgment,  annual security training, and phishing campaigns
• Work with teams across the organization to ensure that externally facing documentation regarding information security is periodically reviewed and updated
• Assist in compiling metrics and reports for status reporting on priority GRC initiatives
• Conduct periodic presentations on emerging information security topics to raise company awareness on security trends and best practices.
• Assist the Head of GRC in the coordination and management of the Bloomreach Information Security Council documentation and meetings. 
• Build relationships across business functions, locations, and technical stakeholders to accomplish goals 

Your success story will be:

• In 30 days, you will learn about the Bloomreach organization, the GIST department, and the expectations of your new role, including supporting the tools and technologies used by the department
• In 90 days, you will be assisting the team in controls identification, testing and risk management 
• In 180 days, you will support the team in periodic awareness program launches, phishing exercises, and training for the company
• In 210 days, you assume the responsibility of managing individual projects and development activities

You have the following experience and qualities:

Professional experience

• 1-5 years experience in an IT Security, Compliance, risk or IT audit, role is preferred
• Experience with company wide information security initiatives, including information security policy development and compliance, security awareness program development and training, and phishing campaigns, strongly preferred.
• Excellent communication skills and ability to triage and manage multiple projects simultaneously
• Professional certification (CISA/CIA/CISSP) preferred
• Familiarity with cloud technologies (e.g., GCP and AWS) preferred

Personal qualities

• Ability to work in a fast-pace environment
• Ability to manage multiple projects
• Dilligent and Organized
• Technologically competent
• Excellent communication skills

Excited? Join us and transform the future of commerce experiences.

#LI-AC1

More things you'll like about Bloomreach:

Culture:

• A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one. 

• We have defined our 5 values and the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication. 

• We believe in flexible working hours to accommodate your working style.

• We work remote-first with several Bloomreach Hubs available across three continents.

• We organize company events to experience the global spirit of the company and get excited about what's ahead.

• We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*.

• The Bloomreach Glassdoor page elaborates on our stellar 4.6/5 rating. The Bloomreach Comparably page Culture score is even higher at 4.9/5

Personal Development:

• We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions.

• Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges.*

• Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins.

• Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)*

Well-being:

• The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.*

• Subscription to Calm - sleep and meditation app.*

• We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones.

• We facilitate sports, yoga, and meditation opportunities for each other.

Compensation:

• Stock options are granted depending on a team member’s role, seniority, and location.*

• Everyone gets to participate in the company's success through the company performance bonus.*

• We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts.

• We celebrate work anniversaries -- Bloomversaries!*

*Subject to employment type. Interns are exempt from marked benefits for the first 6 months.

If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful!

Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.

 #LI-Remote