Senior Security Engineer, SOX
Poshmark | Chennai, Tamil Nadu, India | Posted 27 March 2026
Job Description
ABOUT POSHMARK
Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection. Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.
The Senior Security Engineer, GRC will support the company’s Korea-specific Sarbanes-Oxley (K-SOX) compliance program, ensuring effective internal controls over financial reporting (ICFR). In addition to SOX responsibilities, this role will contribute to broader Cybersecurity Governance, Risk, and Compliance (GRC) initiatives and support other compliance and security-related activities as bandwidth allows.
This role requires a professional with strong hands-on experience in IT General Controls, NIST CSF, audit execution, and control testing, combined with an engineering mindset to improve processes, reporting, and automation. The individual is expected to work independently, partner cross-functionally, and flex across SOX and non-SOX initiatives.
Key Responsibilities
K-SOX Compliance & Internal Controls
- Support the annual K-SOX compliance lifecycle, including scoping, risk assessment, testing, remediation, and reporting
- Perform Design Effectiveness (DE) and Operating Effectiveness (OE) testing for:
  - IT Application Controls
  - IT General Controls (User Access, Change Management, IT Operations)
- Maintain and update K-SOX documentation, including:
  - Process narratives
  - Risk & Control Matrices (RCMs)
  - Flowcharts
- Identify control deficiencies and support severity assessment (deficiency, significant deficiency, material weakness)
- Track and validate remediation activities in coordination with control owners
Audit & Stakeholder Coordination
- Act as a key liaison between business/control owners, Internal Audit, and External Auditors
- Coordinate walkthroughs, testing schedules, and audit evidence requests
- Respond to audit inquiries and support PBC (Provided by Client) requests
- Assist with closure of audit findings and validation of remediation effectiveness
GRC & Compliance Responsibilities
- Support additional compliance and risk initiatives beyond SOX, including:
  - PCI-DSS compliance activities
  - Data privacy and regulatory support (e.g., CCPA, PIPEDA, local privacy requirements)
- Assist with control mapping across multiple frameworks as required
- Support internal policy, standards, and technical risk assessment activities
- Take on non-SOX GRC or compliance work during non-peak SOX cycles
- Create executive summaries, presentations, and other reports as needed
Engineering, Reporting & Process Improvement
- Participate in process improvement initiatives to enhance control efficiency and reduce audit effort
- Identify opportunities to automate, standardize, or rationalize controls and evidence collection
- Build and maintain:
  - Compliance trackers
  - Dashboards and metrics
  - Management and audit-ready reports
- Prepare clear written documentation and presentations for management, auditors, and stakeholders
- Leverage scripting, data analysis, or tooling where appropriate to improve reporting quality and efficiency
Required Qualifications
Experience
- 4–7 years of experience in:
  - SOX / K-SOX compliance
  - Internal Audit, GRC, or External Audit (Big 4 or equivalent preferred)
- Hands-on experience with:
  - ICFR and SOX 404–type controls
  - IT General Controls and IT Application Controls
- Experience supporting public or listed companies
- Ability to operate independently with minimal supervision
Technical Skills
- Strong understanding of: ... (truncated, view full listing at source)