Governance, Risk & Compliance (GRC) Senior Analyst

Peloton Cycle, New York, NY 10007

Posted 4 months ago


The Peloton Enterprise Technology Team is expanding and transforming its risk management, compliance and security capabilities and resources. We are investing in these areas to address an ever-increasing cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow.

The Enterprise Technology Governance, Risk & Compliance (GRC) Senior Analyst is a critical position within the team, and has GRC responsibilities from a technology and security perspective across the organization globally. Working closely with the Director of GRC, Enterprise Technology Team, and stakeholders across the organization, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Peloton. This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. The GRC Senior Analyst will drive risk analysis, design controls, and implement industry best-practice processes for teams and technologies utilized across the organization.

The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST CSF, CIS Controls, PCI-DSS, GDPR, SOX 404, etc. This individual will liaise with Engineering, Finance, General Counsel, Audit and other stakeholders globally to implement new solutions and processes as well as remediate outstanding issues. The role will also have responsibility for the implementation and ownership of a GRC system that will be used to further the automation of the program.


  • Under general direction of the Director of GRC, the role is responsible for project management and implementation of controls to build and enhance the GRC program.

  • Informs leadership of issues resulting from risk analysis and determines potential solutions that are appropriate for Peloton's business and system architecture.

  • Interacts with Enterprise Technology and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.

  • Works closely with the Security Team to detect potential security weaknesses and develops creative ways to tackle challenges unique to Peloton's business and systems architecture.

  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, CIS Controls, PCI-DSS, GDPR, SOX 404, etc.

  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk in order to properly determine and report on technology risk levels.

  • Effectively engages Peloton stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.

  • Understanding of security functions including: Incident Management, Secure Change Management, Identity and Access Management, and Vendor Security Risk Management.

  • Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.


Founded in 2012, Peloton is an innovative tech company that brings members the best workouts possible, all from the convenience of their own home via the Bike, Tread and iOS App platforms. Peloton uses technology and design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime.

Peloton believes in taking risks and challenging the status quo by continuously innovating and improving. We put our users, members, and customers first and we obsess over every touch point of the member experience be it the studio, product or showroom. We like to hire the best and encourage all our associates to be Peloton's brand ambassadors. Most importantly, we know that together we go far.

Similar Jobs

Senior Specialist Third Party Governance (TPG) Risk Assessor

The Bank Of New York Mellon

Posted Yesterday

The Office of Third-Party Governance is responsible for BNY Mellon's Third Party Governance (TPG) program, an enterprise-wide initiative that facilitates a comprehensive risk framework and robust due diligence and oversight process in the selection and use of third parties. As the owner of the program, TPG is responsible and accountable for establishing the Program and overseeing the execution globally.

Description

As a Third Party Governance (TPG) Risk Assessor, you will be reporting directly to The Manager of the Third Party Governance Risk Assessment Team and will help assess and identify third party vendor issues, complete quality control function reviews and execute Third Party Vendor risk assessments. This will include escalating potential red flags and/or remediating identified risks with department or line of business partners, while providing robust and challenging insight on business risk and on the adequacy and effectiveness of the test control processes in place. Ambitious, hardworking candidates with a desire to produce outstanding output as a way to differentiate and make a case for their career advancement are preferred.

Responsibilities include:

  • Perform risk assessments by analyzing questionnaires such as third party profiles and due diligence evaluations.

  • Evaluate third party vendor's control infrastructure effectiveness and review evidence of controls by applying audit, compliance, security and regulatory framework knowledge and experience including, but not limited to: ISO 27001, Privacy Regulation and FFIEC (non-AML) requirements.

  • Analyze vendor risk data including performance metrics and scorecards; aggregate reporting for executive sponsors, line of business owners and stakeholders as needed.

  • Liaise with key business partners and team members to facilitate risk analysis to identify appropriate third party vendor risk classifications.

  • Manage required artifacts, perform quality control reviews and support the termination process of third party vendors.

  • Participate in the Third Party Governance (TPG) risk and compliance program's execution and adherence, including process enhancements and remediation efforts, as applicable.

  • Develop working knowledge of the Bank of New York Mellon's operations as needed to ensure optimization of due diligence reviews and risk assessments.

  • Train and mentor junior team members.

Required Skills / Experience:

  • Experience performing vendor risk assessments is required (experience only in vendor oversight or vendor management is not sufficient)

  • Experience gathering information from a range of different sources and methods e.g. data collection, interviews, meetings, review of processes, manuals, and documentation is required

  • Knowledge of Compliance, Audit, Regulatory and Risk Principles is required

  • Knowledge of Information Security Principles is preferred

  • Ability to plan, organize, prioritize and drive workload autonomously

  • Experience driving solutions and working as part of a flexible high performing team

  • Outstanding interpersonal, written and communication skills

Qualifications

  • 7-10 years of total work experience preferred

  • Bachelor's degree or equivalent combination of education and work experience is required

  • Advanced Excel and PowerPoint skills are preferred

  • Strong analytical and quantitative skills are preferred

  • Process optimization experience is preferred

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans.

Primary Location: United States-New York-New York
Internal Jobcode: 85238
Job: Finance/Accounting
Organization: BNY Mellon CAO-HR16507
Requisition Number: 1911297
