Senior Security Engineer, GRC

Poshmark

Full-time On-site
Chennai, Tamil Nadu, India
Competitive
Full-time
Security Engineer

Job Description

Senior GRC Security Engineer

Location: [Poshmark Office Location / Remote if applicable - *Add this if known*]

About Poshmark: Where Fashion Meets Innovation & Community
Join Poshmark, a leading fashion resale marketplace that’s not just about transactions, but about building a vibrant, highly engaged community. With over 130 million users and over $10 billion in GMV, we empower individuals to transform their closets into thriving businesses, share their unique style, and contribute to a more sustainable future for fashion. We're a tech-driven platform at scale, fostering real-time social experiences and redefining online selling. Discover more at www.poshmark.com and our newsroom at newsroom.poshmark.com.

The Opportunity: Build Secure Foundations for a Global Platform
Are you a seasoned security professional with a strong GRC background and an engineering mindset? Poshmark is seeking a **Senior GRC Security Engineer** to be a cornerstone of our cybersecurity posture. This critical role will primarily drive our Korea-specific Sarbanes-Oxley (K-SOX) compliance program, ensuring robust internal controls over financial reporting (ICFR). Beyond K-SOX, you'll be instrumental in shaping our broader Cybersecurity Governance, Risk, and Compliance initiatives, applying an innovative, automation-first approach to enhance our security frameworks. If you thrive on improving processes, leveraging data, and making a tangible impact on an enterprise-scale platform, this is your chance to lead from the front.

What You'll Do: Drive Security, Compliance, and Process Excellence

K-SOX Compliance & Internal Controls Leadership

Lead the annual K-SOX compliance lifecycle end to end, including comprehensive scoping, meticulous risk assessment, thorough control testing, effective remediation planning, and precise reporting.
Execute both Design Effectiveness (DE) and Operating Effectiveness (OE) testing for critical controls:

IT Application Controls (ITACs)
IT General Controls (ITGCs) across User Access Management, Change Management, and IT Operations.

Maintain and update essential K-SOX documentation, including detailed process narratives, comprehensive Risk & Control Matrices (RCMs), and clear flowcharts.
Proactively identify control deficiencies and conduct severity assessments (deficiency, significant deficiency, material weakness).
Track and validate remediation activities, collaborating closely with control owners to ensure timely and effective resolution.

Audit & Stakeholder Coordination Excellence

Serve as a primary liaison, bridging communication between business/control owners, Internal Audit, and External Auditors.
Strategically coordinate walkthroughs, testing schedules, and audit evidence requests (PBC requests).
Provide expert responses to audit inquiries and support the delivery of high-quality audit evidence.
Facilitate the closure of audit findings and rigorously validate the effectiveness of remediation efforts.

Broader GRC & Compliance Contributions

Extend your impact beyond SOX, supporting vital compliance and risk initiatives such as:

PCI-DSS compliance activities
Data privacy and regulatory support (e.g., CCPA, PIPEDA, and local privacy requirements).

Assist in sophisticated control mapping across various compliance frameworks.
Contribute to the development and maintenance of internal policies, standards, and technical risk assessments.
Proactively take on non-SOX GRC or compliance projects during off-peak SOX cycles.
Develop executive summaries, presentations, and other critical reports for stakeholders and leadership.

Engineering, Reporting & Process Automation

Drive process improvement initiatives to significantly enhance control efficiency and minimize audit effort.
Champion opportunities to automate, standardize, and rationalize controls and evidence collection.
Design, build, and maintain robust compliance trackers, intuitive dashboards, insightful metrics, and audit-ready reports.
Craft clear, concise written documentation and compelling presentations for management, auditors, and key stakeholders.
Leverage scripting, advanced data analysis, and modern tooling to elevate reporting quality and operational efficiency.

What You'll Bring: Your Expertise & Qualifications

Experience

4-7 years of hands-on experience in:

SOX / K-SOX compliance.
Internal Audit, GRC, or External Audit (Big 4 or equivalent experience strongly preferred).

Demonstrated expertise with ICFR and SOX 404-type controls.
Extensive practical experience with IT General Controls (ITGCs) and IT Application Controls (ITACs).
Proven track record supporting public or listed companies in a compliance capacity.
Ability to operate independently, take ownership, and deliver results with minimal supervision.

Technical Skills

Deep understanding of the COSO Internal Control Framework and SOX / K-SOX compliance requirements.
Hands-on experience with enterprise technology platforms such as Oracle NetSuite, OKTA, JIRA, and AWS.
Exceptional proficiency in Excel for data analysis, compliance trackers, pivot tables, and evidence aggregation.
Proven ability to create high-quality reports, dashboards, and presentations.
Exposure to scripting (e.g., Python, PowerShell), automation, or data analysis tools is a significant plus.

Soft Skills

Superior analytical and problem-solving capabilities.
Outstanding written and verbal communication skills, able to articulate complex topics clearly.
Adept at managing multiple priorities and projects in a fast-paced, deadline-driven environment.
Comfortable and effective collaborating cross-functionally with teams across Technology, Finance, Security, and Operations.
Possesses a high attention to detail, a strong ownership mindset, and professional skepticism.

Bonus Points For: Elevate Your Application

Prior experience with a Big 4 firm or a large public company.
Experience with SOX automation or continuous controls monitoring.
Exposure to global or multi-entity compliance environments.
Additional cybersecurity or security assurance experience.

Your Impact & Success Metrics: What Success Looks Like
Your contributions will be measured by your ability to:

Ensure the timely and successful completion of K-SOX testing cycles.
Achieve a measurable reduction in repeat audit findings.
Produce testing documentation that exemplifies quality, clarity, and accuracy.
Demonstrate highly effective coordination with auditors and control owners.
Drive the successful and timely remediation of all identified control deficiencies.
Make meaningful contributions to non-SOX GRC initiatives, expanding our overall security posture.

CyberJob.app

© 2026 CyberJob.app. All rights reserved.