
Governance, Risk and Compliance (GRC), Principal Engineer

ABOUT TECHNOLOGY AND SECURITY

Our team is made up of people from varied backgrounds, including engineers who built and scaled organizations like Google, Netflix, eBay, GitHub, and LivingSocial. We build modern software with modern techniques like TDD, continuous delivery, DevOps, and service-oriented architecture. Cross-functional partnerships are deeply meaningful to us and are how we’ve built up immense trust with the people running the business. We focus on high-value products that solve clearly identified problems but are designed in a sustainable way so that value continues to deliver in the long term. In fact, some of our proudest moments come from solving business problems without writing a line of code.

ABOUT THE ROLE

We are looking for a Governance, Risk and Compliance (GRC) Principal Engineer to join our Information Security organization. Our team members are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure. You will be primarily responsible for identifying security risks to the organization and addressing security compliance findings.

You will coordinate with our Legal and Finance teams to address technology and security compliance requirements (SOX, PCI, GDPR, NIST, etc.) as part of our annual assessments and audits. You will contribute to discussions with external auditors and assessors about our overall technology and security governance and compliance posture and future roadmaps. Finally, you will contribute to our Security Awareness program, which involves both partnering with People & Culture on the training of Stitch Fix employees and relevant activities promoting better security awareness and culture. We trust you to focus your time and efforts where they are needed most to drive results at any given time.

You will continue to identify ways we can improve our GRC and vendor risk management processes by developing a roadmap to scale our operations and executing recommendations, such as automation, to improve how we support the business and represent Security internally and externally.

You won’t do this alone. The security team will work with you to evolve our programs and our processes as a whole so that we get faster, more automated, and have a higher degree of focus and speed on GRC.

We’re looking specifically for GRC practitioners who place an emphasis on practical security. Stitch Fix is a fast-growing company, and our security programs need to be able to keep pace with that growth while not disrupting innovation. You will help us improve our ability to respond effectively to requests from external stakeholders. You will drive efforts to prototype, implement, test, deploy and maintain new automated processes to meet compliance requirements. You will work to understand our overall risk profile (inclusive of vendor risk), clearly explaining your prioritization decisions and how they impact our risk management posture.

REQUISITE SKILLS AND EXPERIENCE

  • At least 6 years in Security, preferably in a GRC role or similar (Technology/IT Audit, Internal Audit, IT Consulting, etc.)
  • Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO 27000, NIST Cybersecurity Framework, NIST SP 800-53)
  • Understanding of common vendor risks and common vendor attestations (SSAE 16, SOC 2, SIG Full/Lite)
  • Understanding of security best practices (password security, device security, etc.) in the context of Security Training and Awareness
  • Demonstrated ability to drive multiple workstreams in parallel within GRC
  • Strong written and spoken communication skills when responding to external requests
  • Strong partnership and soft skills to influence outside of the Security organization to drive a culture of Security

YOU’RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE...

  • We work collaboratively as both a centralized and distributed team — we are a combined team of both remote and HQ-based professionals. We use a variety of technologies extensively to collaborate with each other.
  • You will have the opportunity to drive GRC solutions in a cloud-native environment at scale
  • We view Security as an enabling part of the business which requires a purposeful strategy through an overarching vision of how security can support the organization’s goals.
  • You are a Problem Solver. Ultimately, anyone can say “no” to something — but just saying “no” isn’t solving a problem. Figuring out a compromise, like preserving or even improving an experience while still ensuring an organization’s security, is a hard problem — the type of problem which should be the most intellectually fulfilling.

We use these tools and techniques to help us get the job done and we’re excited to share our expertise with new members of the team. You will have the opportunity to help us continue to adopt effective practices and technologies and explore their full potential.

WE ARE EXCITED ABOUT YOU BECAUSE...

  • YOU ARE ENTHUSIASTIC ABOUT SECURITY. You will collaborate to build interesting security solutions using the appropriate tools and contribute to design and architecture across multiple systems. You want to build on your experience and help us to adopt new technologies. You'll learn from us, and we'll learn from you. You care deeply about fighting to protect and secure our clients and our employees from threats.
  • YOU HAVE A PARTNERSHIP MINDSET. Our team works together with multiple stakeholders to deliver projects that use secure technologies and processes to solve real business problems. Your team members and business partners will seek out your opinion on the focus and outcome you’re looking to achieve. You aren’t afraid to dig deep and ask the tough questions of our customers, company, and executive team.
  • YOU ARE INTERESTED IN REPRESENTING THE BEST OF SECURITY TO OTHERS. You should strongly believe in the mission of the team and the importance of security culture in the organization, and be a champion of this culture.
  • YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building security sustainably, not chasing the latest fad but understanding the best solution for the problem. You're always looking for more and better ways to bake security into everyday processes, and enthusiastic about sharing them with your team.
  • YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously and be open to personal and professional growth. Successful security professionals show everyone respect and consideration.

YOU'LL LOVE WORKING AT STITCH FIX BECAUSE WE...

  • Are a successful, vibrant, fast-growing company
  • Are a technology- and data-driven business.
  • Are at the forefront of tech and fashion, redefining shopping for the next generation.
  • Are passionate about our clients and live/breathe the client experience.
  • Get to be creative every day.
  • Have a smart, experienced, and diverse leadership team that wants to do it right & is open to new ideas.
  • Believe in autonomy & taking initiative.
  • Have sunny offices in downtown San Francisco, CA, Austin, TX and Pittsburgh, PA, or your home :)
  • Offer transparent, equitable, and competitive compensation based on your level to help eliminate bias in salaries, as well as equity and comprehensive health benefits.
  • Are serious about our commitment to life-work balance, and have generous parental leave policies.

ABOUT STITCH FIX

At Stitch Fix, we’re about personal styling for everybody and we believe in both a service and a workplace where you can be your best, most authentic self. We’re the first fashion retailer to combine technology and data science with the human instinct of a Stylist to deliver a deeply personalized shopping experience. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. All of this results in a simple, powerful offering to our customers and a successful, growing business serving millions of men, women, and kids. We believe we are only scratching the surface on our opportunity, and we’re looking for incredible people like you to help us carry on that trend.

COMPENSATION AND BENEFITS

Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.

Salary Range: $234,000 to $250,000 USD

This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy

RECRUITING FRAUD ALERT

To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.

Recruiters will never request payments, ask for financial account information, or ask for sensitive information like social security numbers. If you are unsure whether a message is from Stitch Fix, please email [email protected]

You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness
