The Peloton Enterprise IT Operations Team is expanding & transforming its risk management, compliance & security capabilities & resources. We are investing in these areas to address an ever-increasing cybersecurity threat landscape, as well as regulatory compliance requirements, as the company continues to grow.
The Technology Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, & has GRC responsibilities from a technology & security perspective across the organization globally. Working closely with the entire GRC team, & stakeholders across the organization, this position will be responsible for building & enhancing the GRC portfolio of efforts to raise the overall security & compliance posture & reduce risk levels for Peloton. This individual will be directly responsible for implementing, maintaining & improving policies, procedures & internal controls to assure compliance with applicable regulatory & legal requirements as well as best practices. The GRC Analyst will drive risk analysis, designing controls, & implementing industry best practice processes for teams & technologies utilized across the organization.
The role will work across multiple frameworks & regulatory standards including, but not limited to, SOX 404, GDPR, CCPA, PCI-DSS, NIST CSF, etc. This individual will liaise with Engineering, Finance, Enterprise Systems, General Counsel, Internal Audit & other stakeholders globally to implement new solutions & processes as well as remediate outstanding issues. The role will also have responsibility for the administration of systems the team utilizes to run & automate our various risk, compliance & security programs.
- Under the general direction of the Director of GRC & senior team members, the role is responsible for the design, implementation & operations of controls & processes to build & run the GRC program globally.
- Responsible for informing leadership of issues resulting from risk analysis & determining potential solutions that are appropriate for Peloton's business & system architecture.
- Interacts with technology-focused teams & business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
- Works closely with the Security Team to detect potential security weaknesses & develops creative ways to tackle challenges unique to Peloton's business & systems architecture.
- Maintains updated knowledge in the field of risk management & compliance to efficiently work on frameworks including SOX 404, GDPR, CCPA, PCI-DSS, NIST CSF, etc.
- Understanding of qualitative vs. quantitative risk management & inherent vs. residual risk in order to properly determine & report on technology risk levels.
- Effectively engages Peloton stakeholders, business partners, & vendors to maintain an understanding of current risks, new systems, & changes to the environment.
- Understanding of security functions including: Incident Management, Secure Change Management, Identity & Access Management, & Vendor Security Risk Management.
- Must stay current with industry, regulatory, & legal requirements relevant to security, compliance, & privacy.
Founded in 2012, Peloton is an innovative tech company that brings members the best workouts possible, all from the convenience of their own home via the Bike, Tread & iOS App platforms. Peloton uses technology & design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime.
Peloton believes in taking risks & challenging the status quo by continuously innovating & improving. We put our users, members, & customers first & we obsess over every touch point of the member experience, be it the studio, product or showroom. We like to hire the best & encourage all our associates to be Peloton's brand ambassadors. Most importantly, we know that together we go far.