The Peloton Enterprise Technology team is expanding & transforming its risk management, compliance & information security capabilities & resources. We are investing in these areas to address an ever increasing threat landscape, as well as regulatory compliance requirements as the company continues to grow.
The Technology Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, & has risk & compliance responsibilities from a technology & security perspective across the organization globally. Working closely with the entire GRC team & stakeholders across the organization, this position will be responsible for operating & enhancing the GRC portfolio of efforts to raise the overall security & compliance posture & reduce risk levels for Peloton. This individual will be directly responsible for implementing, maintaining & improving policies, procedures & internal controls to assure compliance with applicable regulatory & legal requirements as well as best practices. The GRC Analyst will drive risk analysis, operate controls, & help implement industry best practices for teams & technologies utilized across the organization.
The role will work across multiple frameworks & regulatory standards including, but not limited to SOX, GDPR, CCPA, PCI-DSS, NIST CSF, etc. This individual will liaise with Software Engineering, Finance, Enterprise Systems, General Counsel, Internal Audit & other stakeholders globally to implement new solutions & processes as well as remediate outstanding issues.
- Under the general direction of the Director of GRC & senior team members, the role is responsible for the design, implementation & operations of controls & processes to build & run the GRC program globally.
- Responsibility for informing leadership of issues resulting from risk analysis & determining potential solutions that are appropriate for Pelotons business & system architecture.
- Interacts with technology-focused teams & business stakeholders to understand risks to critical infrastructure & data by defining potential business impact with the responsibility to apply effective mitigation strategies.
- Work closely with the Information Security team to detect potential security weaknesses & brainstorm creative ways to tackle challenges unique to Pelotons business & systems architecture.
- The role will also have some responsibility for the administration of systems the team utilizes to manage our various risk & compliance programs.
- 3+ years of experience working in the technology risk & compliance field
- Experience working in or with a technology organization is preferred
- Experience with one or more of the following: SOX, GDPR/CCPA, PCI DSS
- Knowledge of frameworks such as: ISO 27001, NIST CSF, COBIT
- One or more of these certifications is preferred: CISA, CRISC, ITIL, CISSP
- Solid understanding of key information security & technology change management principles
- Familiarity with data privacy concepts & program operations (GDPR/CCPA)
- Understanding of business continuity / disaster recovery principles is preferred
- Knowledge of qualitative vs. quantitative risk management & inherent vs. residual risk in order to properly determine & report on technology risk levels
- Strong degree of comfort working alongside, engaging & communicating with senior software engineering & business-side stakeholders
- Experience working in a technology intensive agile environment
- Familiarity with agile methodologies & working on a scrum team is preferred
- Knowledge of JIRA & Confluence a plus
- Maintains updated knowledge of best practices in the field of technology risk management, compliance & data privacy
Peloton is the largest interactive fitness platform in the world with a loyal community of more than 3 million Members. The company pioneered connected, technology-enabled fitness, & the streaming of immersive, instructor-led boutique classes for its Members anytime, anywhere. Peloton makes fitness entertaining, approachable, effective, & convenient, while fostering social connections that encourage its Members to be the best versions of themselves. An innovator at the nexus of fitness, technology, & media, Peloton has reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, & world-class streaming digital fitness & wellness content, creating a product that its Members love. The brand's immersive content is accessible through the Peloton Bike, Peloton Tread, Peloton Bike+, Peloton Tread+, & Peloton App, which allows access to a full slate of fitness classes across disciplines, on any iOS or Android device, Apple TV, Fire TV, Roku TVs, & Chromecast & Android TV. Founded in 2012 & headquartered in New York City, Peloton has a growing number of retail showrooms across the US, UK, Canada & Germany. For more information, visit www.onepeloton.com.
"Together We Go Far means that we are greater than the sum of our parts, stronger collectively when each one of us is at our best. In order to be the best version of Peloton, we are deeply committed to building a diverse workforce & inclusive culture where all of our team members can be the best version of themselves. This work has no endpoint; it is the constant work of running an organization that strives to reach its full potential. As a first step in our commitment, we announced the Peloton Pledge to invest $100 million over the next four years to fight racial injustice & inequity in our world, & to promote health & wellbeing for all, from the inside out.