GRC Information Security Specialist

Redwood City, CA

Poshmark

Buy, sell, and discover fashion, home decor, beauty, and more

Poshmark is the largest community marketplace for fashion where anyone can buy, sell, and share their personal style. With millions of shoppers and seller stylists, Poshmark brings together a vibrant community every day to express themselves and share their love of fashion.

Our security team is looking for the founding GRC member to streamline security policies and the information security framework for our internal teams and our 70 million external users.

Responsibilities

  • Create and maintain ISMS policies
  • Perform security risk assessments to identify gaps, make recommendations, and drive the gaps to completion
  • Set up internal audit processes for various security needs
  • Streamline SOX, PCI and ISO 27001 audit processes by being the face of security during these audits. Perform internal audits and keep the necessary documentation reviewed and updated as required for audits
  • Perform security compliance audits for new regions to comply with local regulations as the company expands internationally
  • Create and deliver annual and onboarding training to educate personnel and reiterate security and compliance requirements
  • Project management - Initiate and drive complex security projects requiring various stakeholders
  • Develop metrics to track security program effectiveness and to report risk 

6-Month Accomplishments 

  • Create and maintain the policies required for the ISMS
  • Create a governance program for different security areas such as Infrastructure, Application, SOC and others
  • Identify critical security audit areas, establish the audit process, and complete the audit of a few areas
  • Create and update security risk metrics to measure the risk levels across systems and processes
  • Create security awareness and educational trainings for the company and specific teams

12+ Month Accomplishments

  • Complete internal audits of critical processes and as required for PCI and SOX
  • Complete risk assessments of high-risk processes and identify gaps and recommendations
  • Successfully complete PCI certification and represent cyber security during SOX audits
  • Roll out security awareness training for the company and Engineering teams

Requirements

  • Expertise in two or more of the following areas: IT/Cloud/Application/Data security
  • 5+ years of experience in various frameworks and standards for regulatory and security compliance (PCI, GDPR, ISO, NIST, COBIT, etc.)
  • Experience performing internal audits and interfacing with external security audits such as PCI
  • Ability to establish and execute PMO for security projects
  • Technology focused, with a good high-level understanding of different technologies and IT security
  • Ability to establish trust with stakeholders and partners
  • Effective and clear communication

Why Poshmark?

Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and fun. Its community of more than 70 million registered users across the U.S. and Canada is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.

About Us:

At Poshmark, we’re constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We’re disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We’re nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.

We built Poshmark around four core values: 1) focus on people to create empowered communities that drive success; 2) together we grow to support each other to strive for our dreams; 3) lead with love to foster genuine connections built upon a foundation of respect; and 4) embrace your weirdness to accept and empower one another on their own unique journey. We’re invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.

Here’s what we’ll set you up with:

  • A team that is invested in your career growth and training
  • Competitive salary and equity, based on experience
  • Company sponsors up to 100% cost for your health, dental and vision plans and up to 90% for your dependents
  • Work alongside world-class talent
  • Flexible vacation / paid time off policy
  • Parental leave
  • Personal style encouraged (or not, whatever you’re into)

Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Tags: Audits Cloud COBIT Compliance E-commerce Ecommerce GDPR Governance ISMS ISO 27001 NIST

Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Parental leave Startup environment

Region: North America
Country: United States