Stitch Fix

Senior Security Analyst, Technology Risk Management

Posted 2 Days Ago
Remote
Hiring Remotely in USA
121K-178K Annually
Senior level
The Senior Security Analyst will enhance security posture through policy development, third-party risk assessments, and GRC tool management, while collaborating across teams.
The summary above was generated by AI
About Stitch Fix, Inc.

Stitch Fix (NASDAQ: SFIX) is the leading online personal styling service that helps people discover the styles they will love that fit perfectly so they always look - and feel - their best. Few things are more personal than getting dressed, but finding clothing that fits and looks great can be a challenge. Stitch Fix solves that problem. By pairing expert stylists with best-in-class AI and recommendation algorithms, the company leverages its assortment of exclusive and national brands to meet each client's individual tastes and needs, making it convenient for clients to express their personal style without having to spend hours in stores or sifting through endless choices online. Stitch Fix, which was founded in 2011, is headquartered in San Francisco.


About the Team

At Stitch Fix, the Governance, Risk and Compliance team ensures Stitch Fix stays cyber secure. We create controls and standards, perform third-party risk assessments, run the risk exception process and use modern tools to help us stay safe. Join our team of talented, compassionate individuals as we set new benchmarks of excellence and ensure an unparalleled experience for all our clients.

About the Role

Stitch Fix is looking for a bright, kind, and goal-oriented Lead Security Engineer I to work closely with various Engineering, Platform, Governance and Legal teams at Stitch Fix in order to develop and improve our security posture.  The ideal candidate will bring deep expertise in security frameworks such as NIST and PCI DSS, along with proven experience in developing policies, standards, and controls. Familiarity with GRC platforms like Archer, Drata, or similar tools is also essential.  

Our team members partner, collaborate, communicate, share, educate and learn while continuing the pursuit of keeping Stitch Fix secure. A successful candidate will demonstrate strong communication skills (both verbal and written), ensuring clarity, accuracy, and a comprehensive record of information exchange. They should be comfortable and feel productive working in a remote setting within a highly distributed organization.

You're excited about this opportunity because you will…

  • Drive Policy and Standard Development: Collaborate cross-functionally to develop and maintain information security policies, standards, and procedures that align with Stitch Fix’s risk appetite. Your work will balance security requirements with the practical needs of business operations, enabling teams to move quickly while maintaining compliance.
  • Execute Third-Party Risk Assessments: Support the end-to-end third-party risk management process by conducting security assessments of vendors and partners. Offer clear, actionable recommendations and partner with business owners to ensure our third-party relationships uphold Stitch Fix’s security and compliance standards.
  • GRC Tool Ownership and Reporting: Serve as a subject matter expert for our GRC platform (e.g., Drata, Archer, or equivalent). Maintain the tool’s configuration and workflows, generate reports and metrics, and support audit and compliance activities through effective data collection and visualization.
  • Enable Risk-Informed Decision Making: Provide strategic insights and operational support to enable business units to make informed decisions regarding risk. Support internal audits, regulatory reviews, and compliance initiatives across the organization.

We’re excited about you because you…

  • Bring 5+ years of hands-on experience in a Governance, Risk, and Compliance (GRC) environment, with a deep understanding of risk management principles.
  • Excel at translating complex technical concepts into clear, accessible language for non-technical stakeholders, helping teams navigate security concerns with confidence.
  • Demonstrate strong written and verbal communication skills, with experience creating technical documentation, policy guidance, and best practices.
  • Are well-versed in GRC tools and terminology, and know how to leverage them to support compliance and audit readiness.
  • Have a solid grasp of security frameworks (e.g., NIST, ISO, PCI DSS) and understand their practical applications in a business environment.
  • Understand core cloud security principles and can apply them across modern infrastructure environments.
  • Are a natural problem-solver and critical thinker, skilled at identifying security gaps and driving thoughtful solutions.
  • Possess the ability to analyze complex systems, evaluate risks, and develop actionable mitigation strategies.
  • Thrive in a collaborative, fast-paced environment, and enjoy working cross-functionally to drive impact and influence outcomes.

Why you'll love working at Stitch Fix...

  • We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
  • We cultivate a community of diverse perspectives; all voices are heard and valued.
  • We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail. 
  • We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
  • We boldly create the future while keeping equity and sustainability at the center of all that we do. 
  • We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
  • We offer comprehensive compensation packages and inclusive health and wellness benefits.

Compensation and Benefits
This role will receive a competitive salary, benefits, and equity. The salary for US-based employees hired into this role will be aligned with the range below, which includes our three geographic areas. A variety of factors are considered when determining someone’s compensation, including a candidate’s professional background, experience, location, and performance. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.

Salary Range

$121,000 - $178,000 USD

This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy

Recruiting Fraud Alert: 

To all candidates: your personal information and online safety are top of mind for us.  At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.

Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email [email protected]

You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness 


Top Skills

Archer
Drata
GRC Platforms
NIST
PCI DSS
