Poshmark is the largest community marketplace for fashion where anyone can buy, sell, and share their personal style. With millions of shoppers and seller stylists, Poshmark brings together a vibrant community every day to express themselves and share their love of fashion.

Our security team is looking for the founding GRC member to streamline security policies and information security framework for our internal teams and external 70 million users. 

Responsibilities

  • Create and maintain ISMS policies
  • Perform security risk assessments to identify gaps, come up with recommendations and drive the gaps to completion
  • Setup Internal audit processes for various security needs
  • Streamline SOX, PCI and ISO 27001 Audit processes by being the face of security during these audits. Perform internal audits, keep the necessary documentation reviewed and updated as required for audits
  • Perform security compliance audits for new regions to comply with local regulations as the company expands internationally
  • Perform/Create annual and onboarding trainings to educate personnel and re-iterate security and compliance requirements
  • Project management - Initiate and drive complex security projects requiring various stakeholders
  • Develop metrics to track security program effectiveness and to report risk 

6-Month Accomplishments 

  • Create Policies required for ISMC and maintain them
  • Create a governance program for different security areas like Infrastructure, Application, SOC and others
  • Identify critical security audit areas, establish the audit process and have completed audit of few areas
  • Create and update security risk metrics to measure the risk levels across systems and processes
  • Create security awareness and educational trainings for the company and specific teams

12+ Month Accomplishments

  • Complete internal audit of critical processes and as required for PCI and SOX
  • Complete risk assessments of high risk processes and come up with gaps and recommendations
  • Successfully complete PCI certification, represent cyber security during SOX audits
  • Rollout security awareness trainings for the company and Engineering teams

Requirements

  • Expertise in two or more of the following areas: IT/Cloud/Application/Data security
  • 5+ years of experience in various frameworks and standards for regulatory and security compliance (PCI, GDPR, ISO, NIST, COBIT, and etc...)
  • Experience performing internal audits and interfacing external security audits like PCI
  • Ability to establish and execute PMO for security projects
  • Technology focussed. Good high level understanding of different technologies and IT security
  • Ability to establish trust with stakeholders and partners
  • Effective and clear communication

Why Poshmark?

Poshmark is a leading social marketplace for new and secondhand style for women, men, kids, pets, home, and more. By combining the human connection of physical shopping with the scale, ease, and selection benefits of ecommerce, Poshmark makes buying and selling simple, social, and sustainable. Its community of more than 70 million registered users across the U.S., Canada, and Australia is driving the future of commerce while promoting more sustainable consumption. For more information, please visit www.poshmark.com, and for company news and announcements, please visit investors.poshmark.com. You can also find Poshmark on Instagram, Facebook, Twitter, Pinterest, and YouTube.

About Us:

At Poshmark, we’re constantly challenging the status quo and are looking for innovative and passionate people to help shape the future of Poshmark. We’re disrupting the industry by combining social connections with e-commerce through data-driven solutions and the latest technology to optimize our platform. We’re nothing without our amazing team who deliver an unparalleled social shopping experience to the millions of people we connect each day.

We built Poshmark around four core values: 1) focus on people to create empowered communities that drive success; 2) together we grow to support each other to strive for our dreams; 3) lead with love to foster genuine connections built upon a foundation of respect; and 4) embrace your weirdness to accept and empower one another on their own unique journey. We’re invested in our team and community, working together to build an entirely new way to shop. That way, when we win, we all win together. Come help us build the most connected shopping experience ever.

Here’s what we’ll set you up with:

  • A team that is invested in your career growth and training
  • Competitive salary and equity, based on experience
  • Company sponsors up to 100% cost for your health, dental and vision plans and up to 90% for your dependents
  • Work alongside world-class talent
  • Flexible vacation / paid time off policy
  • Parental leave
  • Personal style encouraged (or not, whatever you’re in to)

Poshmark is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Apply for this Job

* Required

  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Poshmark are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.