About Poshmark
Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection.
Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury.
The Senior Security Engineer, GRC will support the company’s Korea-specific Sarbanes-Oxley (K-SOX) compliance program, ensuring effective internal controls over financial reporting (ICFR). In addition to SOX responsibilities, this role will contribute to broader Cybersecurity Governance, Risk, and Compliance (GRC) initiatives and support other compliance and security-related activities as bandwidth allows.
This role requires a professional with strong hands-on experience in IT General Controls, NIST CSF, audit execution, and control testing, combined with an engineering mindset to improve processes, reporting, and automation. The individual is expected to work independently, partner cross-functionally, and flex across SOX and non-SOX initiatives.
Key Responsibilities
K-SOX Compliance & Internal Controls
Support the annual K-SOX compliance lifecycle, including scoping, risk assessment, testing, remediation, and reporting
Perform Design Effectiveness (DE) and Operating Effectiveness (OE) testing for:
IT Application Controls
IT General Controls (User Access, Change Management, IT Operations)
Maintain and update K-SOX documentation, including:
Process narratives
Risk & Control Matrices (RCMs)
Flowcharts
Identify control deficiencies and support severity assessment (deficiency, significant deficiency, material weakness)
Track and validate remediation activities in coordination with control owners
Audit & Stakeholder Coordination
Act as a key liaison between business/control owners, Internal Audit, and External Auditors
Coordinate walkthroughs, testing schedules, and audit evidence requests
Respond to audit inquiries and support PBC (Provided by Client) requests
Assist with closure of audit findings and validation of remediation effectiveness
GRC & Compliance Responsibilities
Support additional compliance and risk initiatives beyond SOX, including:
PCI-DSS compliance activities
Data privacy and regulatory support (e.g., CCPA, PIPEDA, local privacy requirements)
Assist with control mapping across multiple frameworks as required
Support internal policy, standards, and technical risk assessment activities
Take on non-SOX GRC or compliance work during non-peak SOX cycles
Create executive summary, presentation, and other reports as and when needed.
Engineering, Reporting & Process Improvement
Participate in process improvement initiatives to enhance control efficiency and reduce audit effort
Identify opportunities to automate, standardize, or rationalize controls and evidence collection
Build and maintain:
Compliance trackers
Dashboards and metrics
Management and audit-ready reports
Prepare clear written documentation and presentations for management, auditors, and stakeholders
Leverage scripting, data analysis, or tooling where appropriate to improve reporting quality and efficiency
Required Qualifications
Experience
4–7 years of experience in:
SOX / K-SOX compliance
Internal Audit, GRC, or External Audit (Big 4 or equivalent preferred)
Hands-on experience with:
ICFR and SOX 404–type controls
IT General Controls and IT Application Controls
Experience supporting public or listed companies
Ability to operate independently with minimal supervision
Technical Skills
Strong understanding of:
COSO Internal Control Framework
SOX / K-SOX compliance requirements
Experience with enterprise technology platforms such as:
Oracle NetSuite, OKTA, JIRA, AWS etc.
Strong proficiency in Excel (trackers, pivots, evidence analysis)
Experience creating reports, dashboards, and presentations
Exposure to scripting, automation, or data analysis is a plus
Soft Skills
Strong analytical and problem-solving skills
Excellent written and verbal communication
Ability to manage multiple priorities in a deadline-driven environment
Comfortable working cross-functionally with Technology, Finance, Security, and Operations
High attention to detail, ownership mindset, and professional skepticism
Preferred Qualifications
Prior Big 4 or large public company experience
Experience with SOX automation or continuous controls monitoring
Exposure to global or multi-entity compliance environments
Cybersecurity or security assurance exposure is a plus
Success Metrics
Timely completion of K-SOX testing cycles
Reduction in repeat audit findings
Quality, clarity, and accuracy of testing documentation
Effective coordination with auditors and control owners
Successful and timely remediation of identified control deficiencies
Ability to contribute meaningfully to non-SOX GRC initiatives
