Technology Governance, Risk & Compliance Analyst (PCI) at Peloton
The Peloton Enterprise Technology team is expanding and transforming its risk management, compliance and information security capabilities and resources. We are investing in these areas to address an ever increasing threat landscape, as well as regulatory compliance requirements as the company continues to grow.
The Technology Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has risk and compliance responsibilities from a technology and security perspective across the organization globally. Working closely with the entire GRC team and stakeholders across the organization, this position will be responsible for operating and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture and reduce risk levels for Peloton. This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. The GRC Analyst will drive risk analysis, operate controls, and help implement industry best practices for teams and technologies utilized across the organization.
The role will work across multiple frameworks and regulatory standards including, but not limited to SOX, GDPR, CCPA, PCI-DSS, NIST CSF, etc. This individual will liaise with Software Engineering, Finance, Enterprise Systems, General Counsel, Internal Audit and other stakeholders globally to implement new solutions and processes as well as remediate outstanding issues.
- Under the general direction of the Director of GRC and senior team members, the role is responsible for the design, implementation and operations of controls and processes to build and run the GRC program globally.
- Responsibility for informing leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for Peloton’s business and system architecture.
- Interacts with technology-focused teams and business stakeholders to understand risks to critical infrastructure and data by defining potential business impact with the responsibility to apply effective mitigation strategies.
- Work closely with the Information Security team to detect potential security weaknesses and brainstorm creative ways to tackle challenges unique to Peloton’s business and systems architecture.
- The role will also have some responsibility for the administration of systems the team utilizes to manage our various risk and compliance programs.
- 3+ years of experience working in the technology risk and compliance field
- Experience working in or with a technology organization is preferred
- Experience with one or more of the following: SOX, GDPR/CCPA, PCI DSS
- Knowledge of frameworks such as: ISO 27001, NIST CSF, COBIT
- One or more of these certifications is preferred: CISA, CRISC, ITIL, CISSP
- Solid understanding of key information security and technology change management principles
- Familiarity with data privacy concepts and program operations (GDPR/CCPA)
- Understanding of business continuity / disaster recovery principles is preferred
- Knowledge of qualitative vs. quantitative risk management and inherent vs. residual risk in order to properly determine and report on technology risk levels
- Strong degree of comfort working alongside, engaging and communicating with senior software engineering and business-side stakeholders
- Experience working in a technology intensive agile environment
- Familiarity with agile methodologies and working on a scrum team is preferred
- Knowledge of JIRA and Confluence a plus
- Maintains updated knowledge of best practices in the field of technology risk management, compliance and data privacy
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge. Learn more, here.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: [email protected]
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.