Governance, Risk and Compliance (GRC), Principal Analyst

Remote, USA

Stitch Fix

Stitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!


ABOUT TECHNOLOGY AND SECURITY

At Stitch Fix, we blend cutting-edge technology with the human touch to deliver personalized styling experiences. Our commitment to innovation extends beyond fashion; it encompasses every aspect of our business, including information security. We strive to maintain the highest standards of security while fostering a culture of collaboration and innovation. We're seeking a talented Governance, Risk, and Compliance (GRC) Specialist to join our team and contribute to our security excellence.

ABOUT THE ROLE

As a GRC Specialist at Stitch Fix, you'll play a pivotal role in ensuring the security of our technology stack and maintaining compliance with regulatory requirements. You'll collaborate with cross-functional teams, including IT, Legal, and Finance, to address technology and security compliance needs. Your responsibilities will include coordinating annual assessments and audits, contributing to our security awareness program, and identifying opportunities to enhance our GRC processes.

YOU ARE EXCITED ABOUT THIS OPPORTUNITY BECAUSE YOU WILL…

  • Coordinate with cross-functional teams to address technology and security compliance requirements, such as SOX, PCI, GDPR, and NIST.
  • Contribute to discussions with external auditors and assessors to assess our overall technology and security governance and compliance posture.
  • Develop and maintain information security policies, standards, and procedures aligned with industry best practices.
  • Conduct risk assessments and collaborate with stakeholders to develop risk mitigation strategies.
  • Manage compliance initiatives, including gap assessments and implementation of controls to address regulatory requirements.
  • Lead internal and external audits related to information security and compliance.
  • Provide guidance and support to business units on information security matters, including security awareness training and incident response.
  • Develop key performance indicators (KPIs) and metrics to measure the effectiveness of the information security GRC program.

REQUISITE SKILLS AND EXPERIENCE

  • 6+ years of experience in security, preferably in a GRC role or similar capacity.
  • Demonstrated experience with common compliance frameworks (SOX, GDPR, PCI, ISO27000, NIST Cybersecurity Framework).
  • Understanding of common vendor risks and attestations (SSAE16, SOC2, SIG-Full/Lite).
  • Strong written and spoken communication skills.
  • Ability to drive multiple workstreams within GRC in parallel.
  • Strong partnership and soft skills to influence stakeholders outside the security organization.

WE ARE EXCITED ABOUT YOU BECAUSE...

  • YOU ARE ENTHUSIASTIC ABOUT SECURITY. You will collaborate to build interesting security solutions using the appropriate tools and contribute to design and architecture across multiple systems. You want to build on your experience and help us to adopt new technologies. You'll learn from us, and we'll learn from you. You care deeply about fighting to protect and secure our clients and our employees from threats.
  • YOU HAVE A PARTNERSHIP MINDSET. Our team works together with multiple stakeholders to deliver projects that use secure technologies and processes to solve real business problems. Your team members and business partners will seek out your opinion on the focus and outcome you’re looking to achieve. You aren’t afraid to dig deep and ask the tough questions of our customers, company, and executive team.
  • YOU ARE INTERESTED IN REPRESENTING THE BEST OF SECURITY TO OTHERS. You should strongly believe in the mission of the team and in the importance of security culture in the organization, and be a champion of that culture.
  • YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building security sustainably, not chasing the latest fad but understanding the best solution for the problem. You're always looking for more and better ways to bake security into everyday processes, and enthusiastic about sharing them with your team.
  • YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously and be open to personal and professional growth. Successful security professionals show everyone respect and consideration.

WHY YOU'LL LOVE WORKING AT STITCH FIX...

  • We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
  • We cultivate a community of diverse perspectives; all voices are heard and valued.
  • We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail.
  • We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
  • We boldly create the future while keeping equity and sustainability at the center of all that we do.
  • We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
  • We offer comprehensive compensation packages and inclusive health and wellness benefits.

ABOUT STITCH FIX

We're changing the industry and bringing personal styling to every body. We believe in a service and a workplace where you can show up as your best, most authentic self. The Stitch Fix experience is not merely curated; it's truly personalized to each client we style. We are changing the way people find what they love. We're disrupting the future of retail with the precision of data science by combining it with human instinct to find pieces that fit our client's unique style. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers and doers. This results in a simple, yet powerful offering to our customers and a successful, growing business serving millions of men, women and kids throughout the US. We believe we are only scratching the surface and are looking for incredible people like you to help us boldly create our future.

Compensation and Benefits

Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.

Salary Range: $210,000 to $224,000 USD

This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy

Recruiting Fraud Alert:

To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.

Recruiters will never request payments, ask for financial account information, or ask for sensitive information like social security numbers. If you are unsure whether a message is from Stitch Fix, please email RecruitingOperations@stitchfix.com.

You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness


Tags: Audits C Compliance Finance GDPR Governance Incident response ISO 27000 KPIs NIST Privacy Risk assessment SOC 2 SOX

Perks/benefits: Career development Equity Health care Startup environment Transparency Wellness

Regions: Remote/Anywhere North America
Country: United States