Security GRC Senior Analyst

at Peloton Interactive, Inc. in Augusta, Maine, United States

Job Description


Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an outstanding experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our members to be the best version of themselves anywhere, anytime. Earning and maintaining our members’ trust and safeguarding their data is key to everything we do.

The Security Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has risk and compliance responsibilities from a technology and security perspective across the organization globally. The main objective of the Security GRC team is to deliver best in class Security Governance, Risk and Compliance, services to ensure that Peloton operates in a risk mitigated, security managed environment and that Peloton’s security compliance objectives are being met. Their responsibilities span Peloton’s products and services and the internal applications, tools, and infrastructure that support them.


+ Lead the strategy, approach, and compliance activities for Peloton’s compliance to PCI DSS.

+ Execute multiple PCI DSS control validation programs simultaneously with specific deadlines.

+ Manage the progress of remediation steps on identified control deficiencies.

+ Ensure reports and findings are delivered in a timely and appropriate manner to management.

+ Coordinate certified PCI ASV scans, ensure passing scan for each quarter, and drive remediation of scans.

+ Advise on proposed security tool and process changes that could impact PCI DSS compliance.

+ Knowledge of all requirements of PCI DSS v3.2.1 with some knowledge of the changes in PCI DSS v4.0.

+ Administer the annual PCI DSS assessment process with our Qualified Security Assessor (PCI QSA).


+ 6+ years of experience executing PCI DSS compliance programs.

+ Highly organized, motivated, and detail-oriented with the ability to work independently in a fast-paced environment.

+ Flexible and able to adapt quickly in a fast-moving environment.

+ Excellent problem-solving skills and ability to manage competing priorities and deadlines.

+ Strong degree of comfort working alongside, engaging and communicating with senior software engineering and business-side stakeholders.

+ Must have familiarity with systems, networks, and a variety of the security concepts, practices, and procedures.

+ Must be able to read and interpret network diagrams and technical architecture drawings.

+ Experience developing, championing, and managing complex internal and external compliance efforts.

+ Ability to work independently and effectively with all levels of staff and management both internally and externally.

+ Expert knowledge of the ISO, COBIT and PCI DSS control frameworks is expected.

+ One or more of the following certifications is preferred: CISA, CISM, CRISC, CISSP.

\#LI-SV2 #LI-Remote


Peloton is the leading interactive fitness platform globally, with a passionate community of nearly 7 million Members in the US, UK, Canada, Germany, and Australia. Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that motivate its Members to commit to their fitness journeys. An innovator at the nexus of fitness, technology, and media, Peloton reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, world-class streaming digital fitness and wellness content, and best-in-class fitness experts and Instructors..

Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here ( on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @ email address.

If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email before taking any further action in relation to the correspondence.

Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.

Copy Link

Job Posting: JC224291274

Posted On: Sep 21, 2022

Updated On: Oct 23, 2022