Uncubed
           

IT Governance, Risk and Compliance (GRC) Analyst

Peloton, NY HQ

High-energy group fitness in your living room


SUMMARY:

The Peloton Enterprise Technology Team is expanding and transforming its risk management, compliance and security capabilities and resources.  We are investing in these areas to address an ever increasing cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow.  

The Enterprise Technology Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has GRC responsibilities from a technology and security perspective across the organization globally. Working closely with the Director of GRC, Enterprise Technology Team, and stakeholders across the organization, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Peloton. This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. The GRC Analyst will drive risk analysis, designing controls, and implementing industry best practice processes for teams and technologies utilized across the organization.

The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST CSF, CIS Controls, PCI-DSS, GDPR, SOX 404, etc. This individual will liaise with Engineering, Finance, General Counsel, Audit and other stakeholders globally to implement new solutions and processes as well as remediate outstanding issues.  The role will also have responsibility for the implementation and ownership of a GRC system that will be used to further the automation of the program.

 

JOB DUTIES:

  • Under general direction of the Director of GRC, the role is responsible for project management and implementation of controls to build and enhance the GRC program.
  • Responsibility for informing leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for Peloton’s business and system architecture.
  • Interacts with Enterprise Technology and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
  • Work closely with the Security Team to detect potential security weaknesses and developing creative ways to tackle challenges unique to Peloton’s business and systems architecture.
  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, CIS Controls, PCI-DSS, GDPR, SOX 404, etc.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk in order to properly determine and report on technology risk levels.
  • Effectively engages Peloton stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Understanding of security functions including: Incident Management, Secure Change Management, Identity and Access Management, and Vendor Security Risk Management.
  • Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

 

ABOUT PELOTON:

Founded in 2012, Peloton is an innovative tech company that brings members the best workouts possible, all from the convenience of their own home via the Bike,Tread and iOS App platforms. Peloton uses technology and design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime.

Peloton believes in taking risks and challenging the status quo by continuously innovating and improving. We put our users, members, and customers first and we obsess over every touch point of the member experience – be it the studio, product or showroom. We like to hire the best and encourage all our associates to be Peloton’s brand ambassadors. Most importantly, we know that together we go far.

About Peloton

HOW IT ALL STARTED

Founded in 2012, Peloton brought top talent together in its NYC headquarters to create a new concept in fitness. We loved cycling but had a hard time finding a workout that consistently fit our schedules, and our at-home workouts never felt quite up to par. So, we set out to create a world-class indoor cycling studio experience on your time, and in the comfort of your own home.

A NEW CONCEPT IN FITNESS

At-home fitness equipment has not evolved at the same pace as the group exercise classes that take advantage of trends in fitness, fashion and music to keep you motivated. Peloton has changed this by marrying sophisticated technology with beautiful and thoughtfully designed fitness equipment.

THE PELOTON DIFFERENCE

We are more than just a class, a cycling studio, and a bike. We deliver a fully engaging experience with the technology to make every workout effective, and the social connection to make every workout addicting.


Be a Better Peloton Candidate

Learn skills and get an insider's look at Peloton when you watch classes taught by their top employees.

Want to learn more about Peloton? Visit Peloton's website.