Governance, Risk, and Compliance Engineer

Summary

Join Bloomreach as a Security & Compliance Analyst (GRC Engineer) and play a vital role in building and solidifying customer trust. You will implement and assess controls aligned with industry standards (SOC 2, ISO 27001), impacting millions of online consumers. Based in a Central European office or remotely (Czechia/Slovakia), you'll be part of the Global Information Security & Technology (GIST) group. The role involves performing internal assessments, acting as a liaison with external auditors, collaborating on remediation efforts, and assisting with security questionnaires. Bloomreach offers a competitive salary (2000-3000 EUR gross monthly, Slovakia only), potential for significant increases, and a flexible work environment.

Requirements

• 1-3 years experience in an IT audit, compliance, or risk management role
• Must have experience with executing, documenting, and reporting controls testing in line with industry frameworks
• Ability to communicate control requirements and “the why” behind compliance initiatives to stakeholders
• Support risk management and assessment activities
• English fluency, additional language is a plus

Responsibilities

• Perform internal assessments to assess the Bloomreach control environment against SOC 2 and ISO frameworks, including control testing and documentation of findings
• Act as a liaison between external auditors and internal stakeholders and lead external SOC 2 and ISO assessments
• Work collaboratively with GRC team members and stakeholders across the organization to remediate gaps, including advising on control design and operating effectiveness testing to ensure remediation
• Assist in compiling metrics and reports for status reporting on priority GRC initiatives
• Assist teams across the organization (Sales, Customer Success, etc.) with ad hoc requests related to security questionnaires

Preferred Qualifications

• AICPA SOC2 type2 / ISO9001:2015 / ISO27001:2022 / ISO27017:2015 / ISO27018:2015 / ISO22301:2019 / Sarbanes-Oxley experience is an advantage
• Professional certification (CISA/CIA/CISSP) preferred but not required
• Experience working in a fast paced growing company a plus
• Familiarity with cloud technologies (GCP, AWS) preferred
• Knowledge of Drata GRC tool is an advantage

Benefits

• A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one
• We believe in flexible working hours to accommodate your working style
• We work virtual-first with several Bloomreach Hubs available across three continents
• We organize company events to experience the global spirit of the company and get excited about what's ahead
• We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer
• We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions
• Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges
• Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins
• Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)
• The Employee Assistance Program -- with counselors -- is available for non-work-related challenges
• Subscription to Calm - sleep and meditation app
• We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones
• We facilitate sports, yoga, and meditation opportunities for each other
• Extended parental leave up to 26 calendar weeks for Primary Caregivers
• Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location
• Everyone gets to participate in the company's success through the company performance bonus
• We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts
• We reward & celebrate work anniversaries -- Bloomversaries!