Security GRC Senior Analyst

ABOUT THE ROLE

Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an outstanding experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our members to be the best version of themselves anywhere, anytime. Earning and maintaining our members’ trust and safeguarding their data is key to everything we do.

The Security Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has risk and compliance responsibilities from a technology and security perspective across the organization globally. The main objective of the Security GRC team is to deliver best in class Security Governance, Risk and Compliance, services to ensure that Peloton operates in a risk mitigated, security managed environment and that Peloton’s security compliance objectives are being met. Their responsibilities span Peloton’s products and services and the internal applications, tools, and infrastructure that support them.

YOUR DAILY IMPACT AT PELOTON:

• Lead the strategy, approach, and compliance activities for Peloton’s compliance to PCI DSS.
• Execute multiple PCI DSS control validation programs simultaneously with specific deadlines. 
• Manage the progress of remediation steps on identified control deficiencies.
• Ensure reports and findings are delivered in a timely and appropriate manner to management.
• Coordinate certified PCI ASV scans, ensure passing scan for each quarter, and drive remediation of scans.
• Advise on proposed security tool and process changes that could impact PCI DSS compliance.
• Knowledge of all requirements of PCI DSS v3.2.1 with some knowledge of the changes in PCI DSS v4.0.
• Administer the annual PCI DSS assessment process with our Qualified Security Assessor (PCI QSA).

YOU BRING TO PELOTON:

• 6 years of experience executing PCI DSS compliance programs.
• Highly organized, motivated, and detail-oriented with the ability to work independently in a fast-paced environment. 
• Flexible and able to adapt quickly in a fast-moving environment. 
• Excellent problem-solving skills and ability to manage competing priorities and deadlines.
• Strong degree of comfort working alongside, engaging and communicating with senior software engineering and business-side stakeholders. 
• Must have familiarity with systems, networks, and a variety of the security concepts, practices, and procedures.
• Must be able to read and interpret network diagrams and technical architecture drawings.
• Experience developing, championing, and managing complex internal and external compliance efforts.
• Ability to work independently and effectively with all levels of staff and management both internally and externally.
• Expert knowledge of the ISO, COBIT and PCI DSS control frameworks is expected.
• One or more of the following certifications is preferred: CISA, CISM, CRISC, CISSP. 

#LI-SV2 #LI-Remote