Our team is made up of people from varied backgrounds, including engineers who built and scaled organizations like Google, Netflix, eBay, GitHub, and LivingSocial. We build modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we’ve built up immense trust with the people running the business. We focus on high-value products that solve clearly identified problems but are designed in a sustainable way so that value continues to deliver in the long term. In fact, some of our proudest moments come from solving business problems without writing a line of code.
We are looking for a Governance Risk and Compliance (GRC) Principal Engineer to join our Information Security organization. Our team members are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure. You will be primarily responsible for identifying security risks to the organization and addressing security compliance findings.
You will coordinate with our Legal and Finance teams to address technology and security compliance requirements (SOX, PCI, GDPR, NIST, etc.) as part of our annual assessments and audits. You will take part in discussions with external auditors and assessors about our overall technology and security governance and compliance posture and future roadmaps. Finally, you will contribute to our Security Awareness program, which involves both partnering with People & Culture on the training of Stitch Fix employees and running activities that promote better security awareness and culture. We trust you to focus your time and efforts where they are needed most to drive results at any given time.
You will continue to identify ways we can improve our GRC vendor risk management processes by developing a roadmap to scale our operations and executing recommendations, such as automation, that improve how we support the business and represent Security internally and externally.
You won’t do this alone. The security team will work with you to evolve our programs and our processes as a whole so that we get faster, more automated, and have a higher degree of focus and speed on GRC.
We’re looking specifically for GRC practitioners who place an emphasis on practical security. Stitch Fix is a fast-growing company, and our security programs need to keep pace with that growth without disrupting innovation. You will help us improve our ability to respond effectively to requests from external stakeholders. You will drive efforts to prototype, implement, test, deploy and maintain new automated processes that meet compliance requirements. You will work to understand our overall risk profile (inclusive of vendor risk), clearly explaining your prioritization decisions and how they affect our risk management posture.
We use these tools and techniques to help us get the job done and we’re excited to share our expertise with new members of the team. You will have the opportunity to help us continue to adopt effective practices and technologies and explore their full potential.
At Stitch Fix, we’re about personal styling for everybody and we believe in both a service and a workplace where you can be your best, most authentic self. We’re the first fashion retailer to combine technology and data science with the human instinct of a Stylist to deliver a deeply personalized shopping experience. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. All of this results in a simple, powerful offering to our customers and a successful, growing business serving millions of men, women, and kids. We believe we are only scratching the surface on our opportunity, and we’re looking for incredible people like you to help us carry on that trend.
Compensation and Benefits
Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
Salary Range
$234,000—$250,000 USD
This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy
Recruiting Fraud Alert:
To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.
Recruiters will never request payments or ask for financial account information or sensitive information such as social security numbers. If you are unsure whether a message is from Stitch Fix, please email [email protected].
You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness