StitchFix // online fashion retailer

ABOUT TECHNOLOGY AND SECURITY

At Stitch Fix, we blend cutting-edge technology with the human touch to deliver personalized styling experiences. Our commitment to innovation extends beyond fashion; it encompasses every aspect of our business, including information security. We strive to maintain the highest standards of security while fostering a culture of collaboration & innovation. We're seeking a talented Governance, Risk, & Compliance (GRC) Specialist to join our team & contribute to our security excellence.

ABOUT THE ROLE

As a GRC Specialist at Stitch Fix, you'll play a pivotal role in ensuring the security of our technology stack & maintaining compliance with regulatory requirements. You'll collaborate with cross-functional teams, including IT, Legal, & Finance, to address technology & security compliance needs. Your responsibilities will include coordinating annual assessments & audits, contributing to our security awareness program, & identifying opportunities to enhance our GRC processes.

YOU ARE EXCITED ABOUT THIS OPPORTUNITY BECAUSE YOU WILL

  • Coordinate with cross-functional teams to address technology & security compliance requirements, such as SOX, PCI, GDPR, & NIST.
  • Contribute to discussions with external auditors & assessors to assess our overall technology & security governance & compliance posture.
  • Develop & maintain information security policies, standards, & procedures aligned with industry best practices.
  • Conduct risk assessments & collaborate with stakeholders to develop risk mitigation strategies.
  • Manage compliance initiatives, including gap assessments & implementation of controls to address regulatory requirements.
  • Lead internal & external audits related to information security & compliance.
  • Provide guidance & support to business units on information security matters, including security awareness training & incident response.
  • Develop key performance indicators (KPIs) & metrics to measure the effectiveness of the information security GRC program.

REQUISITE SKILLS AND EXPERIENCE

  • 6+ years of experience in security, preferably in a GRC role or similar capacity.
  • Demonstrated experience with common compliance frameworks (SOX, GDPR, PCI, ISO27000, NIST Cybersecurity Framework).
  • Understanding of common vendor risks & attestations (SSAE16, SOC2, SIG-Full/Lite).
  • Strong written & spoken communication skills.
  • Ability to drive multiple workstreams within GRC in parallel.
  • Strong partnership & soft skills to influence stakeholders outside the security organization.

WE ARE EXCITED ABOUT YOU BECAUSE...

  • YOU ARE ENTHUSIASTIC ABOUT SECURITY. You will collaborate to build interesting security solutions using the appropriate tools & contribute to design & architecture across multiple systems. You want to build on your experience & help us to adopt new technologies. You'll learn from us, & we'll learn from you. You care deeply about fighting to protect & secure our clients & our employees from threats.
  • YOU HAVE A PARTNERSHIP MINDSET. Our team works together with multiple stakeholders to deliver projects that use secure technologies & processes to solve real business problems. Your team members & business partners will seek out your opinion on the focus & outcome you're looking to achieve. You aren't afraid to dig deep & ask the tough questions of our customers, company, & executive team.
  • YOU ARE INTERESTED IN REPRESENTING THE BEST OF SECURITY TO OTHERS. You should strongly believe in the mission of the team & the importance of security culture in the organization & be a champion of this culture.
  • YOU HAVE DEEP RESPECT FOR YOUR CRAFT. We are dedicated to building security sustainably, not chasing the latest fad but understanding the best solution for the problem. You're always looking for more & better ways to bake security into everyday processes, & enthusiastic about sharing them with your team.
  • YOU ARE RESPECTFUL, EMPATHETIC, AND HUMBLE. We want you to take your work seriously & be open to personal & professional growth. Successful security professionals show everyone respect & consideration.

WHY YOU'LL LOVE WORKING AT STITCH FIX...

  • We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation & trust. You'll bring these characteristics to life in everything you do at Stitch Fix.
  • We cultivate a community of diverse perspectives; all voices are heard & valued.
  • We are an innovative company & leverage our strengths in fashion & tech to disrupt the future of retail. 
  • We win as a team, commit to our work, & celebrate grit together because we value strong relationships.
  • We boldly create the future while keeping equity & sustainability at the center of all that we do. 
  • We are the owners of our work & are energized by solving problems through a growth mindset lens. We think broadly & creatively through every situation to create meaningful impact.
  • We offer comprehensive compensation packages & inclusive health & wellness benefits.

ABOUT STITCH FIX

We're changing the industry & bringing personal styling to every body. We believe in a service & a workplace where you can show up as your best, most authentic self. The Stitch Fix experience is not merely curated; it's truly personalized to each client we style. We are changing the way people find what they love. We're disrupting the future of retail with the precision of data science by combining it with human instinct to find pieces that fit our clients' unique style. This novel juxtaposition attracts a highly diverse group of talented people who are both thinkers & doers. This results in a simple, yet powerful offering to our customers & a successful, growing business serving millions of men, women & kids throughout the US. We believe we are only scratching the surface & are looking for incredible people like you to help us boldly create our future.

Compensation & Benefits

Our anticipated compensation reflects the cost of labor across several US geographic markets, & the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire & ongoing grants of restricted stock units depending on employee & company performance. In addition, the position is eligible for medical, dental, vision, & other benefits. Applicants should apply via our internal or external careers site.
 
 