Senior Security Engineer, GRC

About Poshmark

Poshmark is a leading fashion resale marketplace powered by a vibrant, highly engaged community of buyers and sellers and real-time social experiences. Designed to make online selling fun, more social and easier than ever, Poshmark empowers its sellers to turn their closet into a thriving business and share their style with the world. Since its founding in 2011, Poshmark has grown its community to over 130 million users and generated over $10 billion in GMV, helping sellers realize billions in earnings, delighting buyers with deals and one-of-a-kind items, and building a more sustainable future for fashion. For more information, please visit www.poshmark.com, and for company news, visit newsroom.poshmark.com.

The Senior Security Engineer, GRC will support the company's Korea-specific Sarbanes-Oxley (K-SOX) compliance program, ensuring effective internal controls over financial reporting (ICFR). In addition to SOX responsibilities, this role will contribute to broader Cybersecurity Governance, Risk, and Compliance (GRC) initiatives and support other compliance and security-related activities as bandwidth allows.

This role requires a professional with strong hands-on experience in IT General Controls, NIST CSF, audit execution, and control testing, combined with an engineering mindset to improve processes, reporting, and automation. The individual is expected to work independently, partner cross-functionally, and flex across SOX and non-SOX initiatives.

Key Responsibilities

K-SOX Compliance & Internal Controls

• Support the annual K-SOX compliance lifecycle, including scoping, risk assessment, testing, remediation, and reporting
• Perform Design Effectiveness (DE) and Operating Effectiveness (OE) testing for:
• IT Application Controls
• IT General Controls (User Access, Change Management, IT Operations)
• Maintain and update K-SOX documentation, including:
• Process narratives
• Risk & Control Matrices (RCMs)
• Flowcharts
• Identify control deficiencies and support severity assessment (deficiency, significant deficiency, material weakness)
• Track and validate remediation activities in coordination with control owners
  

Audit & Stakeholder Coordination

• Act as a key liaison between business/control owners, Internal Audit, and External Auditors
• Coordinate walkthroughs, testing schedules, and audit evidence requests
• Respond to audit inquiries and support PBC (Provided by Client) requests
• Assist with closure of audit findings and validation of remediation effectiveness
  
  

GRC & Compliance Responsibilities

• Support additional compliance and risk initiatives beyond SOX, including:
• PCI-DSS compliance activities
• Data privacy and regulatory support (e.g., CCPA, PIPEDA, local privacy requirements)
• Assist with control mapping across multiple frameworks as required
• Support internal policy, standards, and technical risk assessment activities
• Take on non-SOX GRC or compliance work during non-peak SOX cycles
• Create executive summary, presentation, and other reports as and when needed.
  

Engineering, Reporting & Process Improvement

• Participate in process improvement initiatives to enhance control efficiency and reduce audit effort
• Identify opportunities to automate, standardize, or rationalize controls and evidence collection
• Build and maintain:
• Compliance trackers
• Dashboards and metrics
• Management and audit-ready reports
• Prepare clear written documentation and presentations for management, auditors, and stakeholders
• Leverage scripting, data analysis, or tooling where appropriate to improve reporting quality and efficiency
  

Experience

Required Qualifications

• 47 years of experience in:
• SOX / K-SOX compliance
• Internal Audit, GRC, or External Audit (Big 4 or equivalent preferred)
• Hands-on experience with:
• ICFR and SOX 404type controls
• IT General Controls and IT Application Controls
• Experience supporting public or listed companies
• Ability to operate independently with minimal supervision
  

Technical Skills

• Strong understanding of:
• COSO Internal Control Framework
• SOX / K-SOX compliance requirements
• Experience with enterprise technology platforms such as:
• Oracle NetSuite, OKTA, JIRA, AWS etc.
• Strong proficiency in Excel (trackers, pivots, evidence analysis)
• Experience creating reports, dashboards, and presentations
• Exposure to scripting, automation, or data analysis is a plus
  

Soft Skills

• Strong analytical and problem-solving skills
• Excellent written and verbal communication
• Ability to manage multiple priorities in a deadline-driven environment
• Comfortable working cross-functionally with Technology, Finance, Security, and Operations
• High attention to detail, ownership mindset, and professional skepticism
  
  

Preferred Qualifications

• Prior Big 4 or large public company experience
• Experience with SOX automation or continuous controls monitoring
• Exposure to global or multi-entity compliance environments
• Cybersecurity or security assurance exposure is a plus
  
  

Success Metrics

• Timely completion of K-SOX testing cycles
• Reduction in repeat audit findings
• Quality, clarity, and accuracy of testing documentation
• Effective coordination with auditors and control owners
• Successful and timely remediation of identified control deficiencies
• Ability to contribute meaningfully to non-SOX GRC initiatives