Bloomreach software enables highly personalized digital experiences for enterprises around the world. Bloomreach Experience (BRX) is the world's first Digital Experience Platform specifically designed for retailers, brands, distributors and manufacturers. It combines a next-gen CMS with AI-powered digital merchandising and super search. BRX stimulates customer engagement and loyalty, even as it boosts conversion and increases revenue. Further, BRX balances machine learning with tools that keep human creativity at the helm of digital experience.
Recognized by leading analyst firms, Bloomreach is a Leader in the Gartner Magic Quadrant for Web Content Management (WCM), a Strong Performer in the Forrester Wave for WCM, and a Visionary in the Gartner Magic Quadrant for DXP.
With a global network of certified partners, Bloomreach serves hundreds of large and medium enterprise customers such as Neiman Marcus, Staples, REI, Mailchimp, FC Bayern München, and the UK’s NHS Digital. Founded in 2009, Bloomreach is headquartered in Silicon Valley and Amsterdam, with offices worldwide.
Bloomreach is seeking an experienced Information Security Analyst to join our Information Security team, to help apply comprehensive cybersecurity and privacy analysis to our organization. This team member will work with our Head of Information Security to oversee the Information Security Governance, Risk, and Compliance program for Bloomreach. In this role, you will establish security policies, standards, methodologies, and processes while being responsible for executing assessments to ensure compliance with internal and external requirements, identifying risks, and communicating the identified risks to the stakeholders. As the subject matter expert in Information Security, you will have the opportunity to lead large cross-functional projects.
- Review, audit, monitor, and analyze security risks and vulnerabilities against policies, standards and frameworks such as ISO, SOC, GDPR, etc.
- Work with cross-functional team members to identify improvement opportunities and provide feedback
- Identify, document, and maintain security control matrix
- Manage remediation efforts and track completion status of deficiencies
- Manage the implementation of security governance by leading the process of governance, administration, and maintenance
- Interact with sales, engineering, and product teams to ensure security capabilities and controls are in place and meet industry requirements
- Serve as the subject matter expert who will actively guide Product & Engineering on all security and compliance related technical components
- Develop, execute, maintain, and review Information Security Policies and Standards
- Stay up to date on the latest changes in security practices, issues, and technologies
- Conduct risk assessment reviews to identify risks and recommend remediation based on security best practices
- Implement and recommend security controls based on the ISO27001 framework
- Work together with Sales and Legal team members to provide responses for customer proposals (RFPs)
- 5+ years in Information Security (InfoSec), risk assessment, compliance, audit, security practices/solutions/methods (e.g. SOC, ISO, GDPR, etc.)
- Understanding of business processes, internal controls, risk management, IT controls, and related standards
- Fundamental understanding of security domains
- Experience in assisting in building Governance, Risk and Compliance practices
- Thorough knowledge and understanding of current information risk assessment techniques required
- Knowledge of frameworks such as NIST, ISO27001, etc.
- Strong analytical and organization skills with demonstrated ability to plan and manage projects along with ensuring deliverables meet work plan specifications and deadlines
- Demonstrated understanding of SDLC and security related processes
- Ability to interpret and communicate technical terms to a non-technical audience
- Certification preferred (CISSP, CISM, CISA, etc.)
Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of BloomReach are considered property of BloomReach and are not subject to payment of agency fees.