The Peloton Enterprise IT Operations Team is expanding and transforming its risk management, compliance and security capabilities and resources.  We are investing in these areas to address an ever increasing cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow.  

The Technology Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has GRC responsibilities from a technology and security perspective across the organization globally. Working closely with the entire GRC team, and stakeholders across the organization, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture and reduce risk levels for Peloton. This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. The GRC Analyst will drive risk analysis, designing controls, and implementing industry best practice processes for teams and technologies utilized across the organization.

The role will work across multiple frameworks and regulatory standards including, but not limited to, SOX 404, GDPR, CCPA, PCI-DSS, NIST CSF, etc. This individual will liaise with Engineering, Finance, Enterprise Systems, General Counsel, Internal Audit and other stakeholders globally to implement new solutions and processes as well as remediate outstanding issues. The role will also have responsibility for the administration of systems the team utilizes to run and automate our various risk, compliance and security programs. 

JOB DUTIES:

  • Under the general direction of the Director of GRC and senior team members, the role is responsible for the design, implementation and operations of controls and processes to build and run the GRC program globally.
  • Responsibility for informing leadership of issues resulting from risk analysis and determining potential solutions that are appropriate for Peloton’s business and system architecture.
  • Interacts with technology-focused teams and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
  • Work closely with the Security Team to detect potential security weaknesses and developing creative ways to tackle challenges unique to Peloton’s business and systems architecture.
  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including SOX 404, GDPR, CCPA, PCI-DSS, NIST CSF, etc.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk in order to properly determine and report on technology risk levels.
  • Effectively engages Peloton stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Understanding of security functions including: Incident Management, Secure Change Management, Identity and Access Management, and Vendor Security Risk Management.
  • Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.

ABOUT PELOTON

Peloton is the largest interactive fitness platform in the world with a loyal community of more than 2.6 million Members. The company pioneered connected, technology-enabled fitness, and the streaming of immersive, instructor-led boutique classes for its Members anytime, anywhere. Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that encourage its Members to be the best versions of themselves. An innovator at the nexus of fitness, technology, and media, Peloton has reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, and world-class streaming digital fitness and wellness content, creating a product that its Members love. The brand's immersive content is accessible through the Peloton Bike, Peloton Tread, and Peloton App, which allows access to a full slate of fitness classes across disciplines, on any iOS or Android device, Fire TV, Roku, Chromecast and Android TV. Founded in 2012 and headquartered in New York City, Peloton has a growing number of retail showrooms across the US, UK, Canada and Germany. For more information, visit www.onepeloton.com.

 

r.

Apply for this Job

* Required
  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Peloton are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.