Security GRC Analyst

ABOUT THE ROLE

Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our members to be the best version of themselves anywhere, anytime. Earning and maintaining our members’ trust and safeguarding their data is key to everything we do.

The Security Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has risk and compliance responsibilities from a technology and security perspective across the organization globally. The main objective of the Security GRC team is to deliver best in class Security Governance, Risk and Compliance, services to ensure that Peloton operates in a risk mitigated, security managed environment and that Peloton’s security compliance objectives are being met. Their responsibilities span Peloton’s products and services and the internal applications, tools, and infrastructure that support them.

YOUR DAILY IMPACT AT PELOTON:

• Working closely with the entire GRC team and stakeholders across the organization, this individual will be directly responsible for implementing, maintaining and improving internal controls to assure compliance with applicable regulatory and legal requirements. 
• Drive risk analysis, operate controls, and help implement industry best practices for teams and technologies used across the organization. 
• Responsible for executing internal Information Technology (IT) controls in support of regulatory and compliance frameworks for in-scope applications, operating systems and databases.
• Partner effectively with Information Security, Product, Platform, Internal Audit, Legal, and other internal peers to support Peloton’s compliance with applicable legal, regulatory, and security frameworks.
• Work closely with the Internal Audit Team to ensure alignment on timing, controls reliance, external audit reliance, etc.
• Support the development of new testing automations through the GRC platform, or similar tool-sets, to automate the IT internal controls testing (i.e. SOX user access review controls, data analytics, etc).
• Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, CIS Controls, PCI-DSS, SOX 404, etc.

YOU BRING TO PELOTON:

• 4+ years of relevant internal audit and SOX experience, with a mix of private and public accounting experience preferred. 
• Working knowledge of IT systems - SAP, WMS, ADP, Salesforce, Coupa, etc. 
• Highly organized, motivated, and detail-oriented with the ability to work independently in a fast-paced environment.  
• Flexible and able to adapt quickly in a fast-moving environment.
• Excellent problem-solving skills and ability to manage competing priorities and deadlines.
• Strong degree of comfort working alongside, engaging and communicating with senior software engineering and business-side stakeholders.
• Experience developing, championing, and managing internal compliance programs.
• One or more of the following certifications is preferred: CISA, CISM, CISSP. 

#LI-SV2 #LI-Remote