About Stitch Fix, Inc.
Stitch Fix (NASDAQ: SFIX) is the leading online personal styling service that helps people discover the styles they will love that fit perfectly so they always look – and feel – their best. Few things are more personal than getting dressed, but finding clothing that fits and looks great can be a challenge. Stitch Fix solves that problem. By pairing expert stylists with best-in-class AI and recommendation algorithms, the company leverages its assortment of exclusive and national brands to meet each client’s individual tastes and needs, making it convenient for clients to express their personal style without having to spend hours in stores or sifting through endless choices online. Stitch Fix, which was founded in 2011, is headquartered in San Francisco.
About the Role
As the Manager of Risk Management at Stitch Fix, you will lead the development, implementation and ongoing coordination of an enterprise-wide cyber security governance, risk, and compliance management program, including cyber risk identification, analysis, mitigation, tracking, and reporting to executive management. You will implement a comprehensive and effective Governance, Risk, and Compliance (GRC) program to ensure compliance with Stitch Fix internal policies and regulatory requirements (NIST, SOX, PCI, etc.). You will define and align security policies, strategy, standards and controls, risk management, third-party risk assessments, baseline security controls, and technology compliance initiatives, and proactively assess, identify, and develop recommendations regarding data protection, GRC, and third-party risk issues and vulnerabilities, working collaboratively with multiple stakeholder teams including Legal, People & Culture (HR), and IT. You will manage and mentor staff responsible for Stitch Fix’s vendor risk management and data protection programs. You will oversee Stitch Fix’s IT and Information Security Training and Awareness program and be responsible for internal communication. You will work closely with internal stakeholders to drive risk mitigation and prioritize remediation efforts. This is a remote position available within the United States. We operate in an agile-inspired manner, collaborating across multiple time zones.
You’re excited about this opportunity because you will…
- Play a leadership role in Stitch Fix’s Information Security and IT organization and work closely with the firm’s CISO, business and product community to embed security best practices and foster a culture of information security awareness
- Develop and implement the first line of defense for an end-to-end IT and information security risk management program, aligned with Stitch Fix’s Enterprise Risk Management program, to drive the identification, assessment, and prioritization of existing and emerging IT and security risks across the organization.
- Drive continuous improvement by developing metrics, monitoring trends, and implementing pragmatic solutions that balance security needs with business goals
- Assist the CISO in developing and implementing a comprehensive IT and information security strategy
- Develop and implement the company’s risk management framework, ensuring it is aligned with strategic goals.
- Lead efforts in business continuity planning and disaster recovery exercises, ensuring preparedness for any potential disruptions
- Provide risk reporting and insights to senior management, ensuring risks are communicated effectively and decision-makers have the necessary information.
- Manage and track the effectiveness of implemented controls and risk mitigation efforts.
- Stay up to date with industry trends and regulatory changes, ensuring the company’s risk management practices are current and compliant.
We’re excited about you because…
- Bachelor’s degree in Information Technology, Risk Management, Business Administration, or a related field.
- 5+ years of experience in risk management or a related discipline, with at least 2 years in a managerial role.
- Extensive experience in risk management and security within a publicly traded company.
- Strong understanding of risk management frameworks, methodologies, and tools.
- Strong understanding of security frameworks, regulations and standards (e.g., PCI, SOX, NIST CSF).
- Excellent analytical, problem-solving, and decision-making skills.
- Experience with regulatory compliance, business continuity, disaster recovery, and resiliency planning.
- Strong communication skills, with the ability to work collaboratively across departments and present risk information to senior leadership.
Why you’ll love working at Stitch Fix…
- We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
- We cultivate a community of diverse perspectives: all voices are heard and valued.
- We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail.
- We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
- We boldly create the future while keeping equity and sustainability at the center of all that we do.
- We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
- We offer comprehensive compensation packages and inclusive health and wellness benefits.
Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.
This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.
Please review Stitch Fix’s US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy