Governance, Risk, and Compliance Engineer

Summary

Join Bloomreach as a Security & Compliance Analyst and become an essential member of our Governance, Risk, and Compliance team. You will play a crucial role in building and solidifying customer trust by implementing and assessing controls aligned with industry standards like SOC 2 and ISO 27001. Based in a Central European office or remotely within Central EU, you will perform internal assessments, act as a liaison with external auditors, collaborate on remediation efforts, and assist with various security-related tasks. This role offers a competitive salary starting at 2500 EUR gross monthly (Slovakia) with potential for increases based on performance. Bloomreach provides a flexible and supportive work environment with various benefits.

Requirements

• 1-3 years experience in an IT audit, compliance, or risk management role
• Must have experience with executing, documenting, and reporting controls testing in line with industry frameworks (AICPA SOC2 type2 / ISO9001:2015 / ISO27001:2022 / ISO27017:2015 / ISO27018:2015 / ISO22301:2019 / Sarbanes-Oxley experience is an advantage)
• Ability to communicate control requirements and “the why” behind compliance initiatives to stakeholders
• English fluency

Responsibilities

• Perform internal assessments to assess the Bloomreach control environment against SOC 2 and ISO frameworks, including control testing and documentation of findings
• Act as a liaison between external auditors and internal stakeholders and lead external SOC 2 and ISO assessments
• Work collaboratively with GRC team members and stakeholders across the organization to remediate gaps, including advising on control design and operating effectiveness testing to ensure remediation
• Assist in compiling metrics and reports for status reporting on priority GRC initiatives
• Assist teams across the organization (Sales, Customer Success, etc.) with ad hoc requests related to security questionnaires
• Support risk management and assessment activities

Preferred Qualifications

• Professional certification (CISA/CIA/CISSP)
• Experience working in a fast paced growing company
• Familiarity with cloud technologies (GCP, AWS)
• Knowledge of Drata GRC tool
• Additional language

Benefits

• Flexible working hours
• Virtual-first with several Bloomreach Hubs available across three continents
• Company events
• 5 paid days off to volunteer
• People Development Program -- participating in personal development workshops on various topics run by experts from inside the company
• Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges
• Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins
• Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)
• The Employee Assistance Program -- with counselors -- is available for non-work-related challenges
• Subscription to Calm - sleep and meditation app
• ���DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones
• We facilitate sports, yoga, and meditation opportunities for each other
• Extended parental leave up to 26 calendar weeks for Primary Caregivers
• Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location
• Everyone gets to participate in the company's success through the company performance bonus
• We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts
• We reward & celebrate work anniversaries -- Bloomversaries!