Manager, Security Architecture

Remote, USA

Stitch Fix

Stitch Fix is personal styling for men, women & kids that sends clothing to your door (with free shipping & returns). Get started & find clothes you'll love!

About Stitch Fix, Inc.

Stitch Fix (NASDAQ: SFIX) is the leading online personal styling service that helps people discover the styles they will love that fit perfectly so they always look - and feel - their best. Few things are more personal than getting dressed, but finding clothing that fits and looks great can be a challenge. Stitch Fix solves that problem. By pairing expert stylists with best-in-class AI and recommendation algorithms, the company leverages its assortment of exclusive and national brands to meet each client's individual tastes and needs, making it convenient for clients to express their personal style without having to spend hours in stores or sifting through endless choices online. Stitch Fix, which was founded in 2011, is headquartered in San Francisco.

 

About the Role

The Manager of Security Architecture will lead the development and implementation of the firm’s DevSecOps framework and enterprise security architecture, ensuring the protection of Stitch Fix’s assets and intellectual property. You will deliver enterprise-level planning, design, and implementation of security solutions and controls related to Secure Software Development Life Cycle (SSDLC), modern security engineering and architecture practices, solution development, and delivery and product technologies. You will demonstrate security and technical expertise in cloud security technology, agile development, architecture, design, systems implementation, and integration across cloud environments. You will conduct threat modeling exercises to identify potential security threats and risks in applications, perform code reviews and static and dynamic analysis to ensure the security of the application codebase, and partner with development teams to prioritize and address identified threats. You will lead a team of security architects and work closely with IT, operations, and executive teams to ensure security measures are aligned with business objectives and regulatory requirements. This is a remote position available within the United States. We operate in an agile-inspired manner, collaborating across multiple time zones.

You're excited about this opportunity because you will…

  • Lead the design and innovation of security architectures, integrating advanced technologies to protect against evolving threats while enabling business agility and growth
  • Provide thought leadership from an application security perspective on emerging technologies such as GenAI, Post-Quantum, and Blockchain/DLT
  • Oversee the evaluation and implementation of security solutions, including encryption, firewalls, and other protective technologies.
  • Define and document security strategies, policies, and processes to mitigate risks and vulnerabilities.
  • Ensure the security architecture is scalable, flexible, and adaptable to evolving threats and technologies.
  • Manage, mentor, and develop a team of security architects, fostering a collaborative and innovative environment.
  • Conduct security assessments and threat modeling to identify vulnerabilities and recommend remediation plans.
  • Ensure that security policies and architectures comply with all relevant regulations, including GDPR, HIPAA, and PCI-DSS.

We’re excited about you because…

  • Bachelor's degree in Information Security, Computer Science, or related field (Master's preferred).
  • Minimum of 7-10 years of experience in information security, with a focus on architecture and design.
  • Strategic thinking with the ability to align security goals with business objectives.
  • Expertise in cybersecurity frameworks, cloud security, and network security, with proficiency in implementing zero-trust architectures and DevSecOps practices across diverse IT environments.
  • In-depth knowledge of cloud security architectures (AWS, Azure, Google Cloud).
  • Strong experience in securing cloud environments and applications with demonstrated knowledge of cloud solutions
  • Strong experience with security frameworks (e.g., NIST, ISO 27001) and technologies (e.g., firewalls, SIEM, IDS/IPS, encryption).
  • Proven leadership and team management experience.
  • Experience with risk management, compliance, and incident response.

Why you'll love working at Stitch Fix...

  • We are a group of bright, kind people who are motivated by challenge. We value integrity, innovation and trust. You’ll bring these characteristics to life in everything you do at Stitch Fix.
  • We cultivate a community of diverse perspectives— all voices are heard and valued.
  • We are an innovative company and leverage our strengths in fashion and tech to disrupt the future of retail. 
  • We win as a team, commit to our work, and celebrate grit together because we value strong relationships.
  • We boldly create the future while keeping equity and sustainability at the center of all that we do. 
  • We are the owners of our work and are energized by solving problems through a growth mindset lens. We think broadly and creatively through every situation to create meaningful impact.
  • We offer comprehensive compensation packages and inclusive health and wellness benefits.

Compensation and Benefits

Our anticipated compensation reflects the cost of labor across several US geographic markets, and the range below indicates the low end of the lowest-compensated market to the high end of the highest-compensated market. This position is eligible for new hire and ongoing grants of restricted stock units depending on employee and company performance. In addition, the position is eligible for medical, dental, vision, and other benefits. Applicants should apply via our internal or external careers site.

Salary Range: $234,000—$250,000 USD

This link leads to the machine readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Please review Stitch Fix's US Applicant Privacy Policy and Notice at Collection here: https://stitchfix.com/careers/workforce-applicant-privacy-policy

Recruiting Fraud Alert: 

To all candidates: your personal information and online safety are top of mind for us. At Stitch Fix, recruiters only direct candidates to apply through our official career pages at https://www.stitchfix.com/careers/jobs or https://web.fountain.com/c/stitch-fix.

Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers. If you are unsure if a message is from Stitch Fix, please email careers@stitchfix.com

You can read more about Recruiting Scam Awareness on our FAQ page here: https://support.stitchfix.com/hc/en-us/articles/1500007169402-Recruiting-Scam-Awareness 

 


Tags: Agile Application security AWS Azure Blockchain C Cloud Compliance Computer Science DevSecOps Encryption Firewalls GCP GDPR Generative AI HIPAA IDS Incident response IPS ISO 27001 Network security NIST Privacy Risk management SDLC Security assessment SIEM SSDLC Vulnerabilities

Perks/benefits: Career development Equity / stock options Flex hours Health care Startup environment Wellness

Regions: Remote/Anywhere North America
Country: United States
