Senior Security Engineer, SOX

About Poshmark

Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection. Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.

The Senior Security Engineer, GRC, will support the company's Korea-specific Sarbanes-Oxley (K-SOX) compliance program, ensuring effective internal controls over financial reporting (ICFR). In addition to SOX responsibilities, this role will contribute to broader Cybersecurity Governance, Risk, and Compliance (GRC) initiatives and support other compliance and security-related activities, as bandwidth allows. This role requires a professional with strong hands-on experience in IT General Controls, NIST CSF, audit execution, and control testing, combined with an engineering mindset to improve processes, reporting, and automation. The individual is expected to work independently, partner cross-functionally, and flex across SOX and non-SOX initiatives.

Key Responsibilities:

K-SOX Compliance & Internal Controls:

Support the annual K-SOX compliance lifecycle, including scoping, risk assessment, testing, remediation, and reporting. Perform Design Effectiveness (DE) and Operating Effectiveness (OE) testing for IT Application Controls and IT General Controls (User Access, Change Management, IT Operations). Maintain and update K-SOX documentation, including process narratives, Risk & Control Matrices (RCMs), and flowcharts. Identify control deficiencies and support severity assessment (deficiency, significant deficiency, material weakness). Track and validate remediation activities in coordination with control owners.

Audit & Stakeholder Coordination:

Act as a key liaison between business/control owners, Internal Audit, and External Auditors. Coordinate walkthroughs, testing schedules, and audit evidence requests. Respond to audit inquiries and support PBC (Provided by Client) requests. Assist with closure of audit findings and validation of remediation effectiveness.

GRC & Compliance Responsibilities:

Support additional compliance and risk initiatives beyond SOX, including PCI-DSS compliance activities and data privacy and regulatory support (e.g., CCPA, PIPEDA, local privacy requirements). Assist with control mapping across multiple frameworks, as required. Support internal policy, standards, and technical risk assessment activities. Take on non-SOX GRC or compliance work during non-peak SOX cycles. Create executive summaries, presentations, and other reports, as needed.

Engineering, Reporting & Process Improvement:

Participate in process improvement initiatives to enhance control efficiency and reduce audit effort. Identify opportunities to automate, standardize, or rationalize controls and evidence collection. Build and maintain compliance trackers, dashboards and metrics, and management and audit-ready reports. Prepare clear written documentation and presentations for management, auditors, and stakeholders. Leverage scripting, data analysis, or tooling, where appropriate, to improve reporting quality and efficiency.

Required Qualifications:

Experience:

47 years of experience in SOX / K-SOX compliance, Internal Audit, GRC, or External Audit (Big 4 or equivalent preferred). Hands-on experience with ICFR and SOX 404type controls, and IT General Controls and IT Application Controls. Experience supporting public or listed companies. Ability to operate independently, with minimal supervision.

Technical Skills:

Strong understanding of COSO Internal Control Framework and SOX / K-SOX compliance requirements. Experience with enterprise technology platforms such as Oracle NetSuite, OKTA, JIRA, AWS, etc. Strong proficiency in Excel (trackers, pivots, evidence analysis). Experience creating reports, dashboards, and presentations. Exposure to scripting, automation, or data analysis is a plus.

Soft Skills:

Strong analytical and problem-solving skills. Excellent written and verbal communication. Ability to manage multiple priorities in a deadline-driven environment. Comfortable working cross-functionally with Technology, Finance, Security, and Operations. High attention to detail, ownership mindset, and professional skepticism.

Preferred Qualifications:

Prior Big 4 or large public company experience. Experience with SOX automation or continuous controls monitoring. Exposure to global or multi-entity compliance environments. Cybersecurity or security assurance exposure is a plus.

Success Metrics:

Timely completion of K-SOX testing cycles. Reduction in repeat audit findings. Quality, clarity, and accuracy of testing documentation. Effective coordination with auditors and control owners. Successful and timely remediation of identified control deficiencies. Ability to contribute meaningfully to non-SOX GRC initiatives.