Back to all jobs

Security GRC Analyst


Jun 22


Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our members to be the best version of themselves anywhere, anytime. Earning and maintaining our members’ trust and safeguarding their data is key to everything we do.

The Security Governance, Risk & Compliance (GRC) Analyst is a critical position within the team, and has risk and compliance responsibilities from a technology and security perspective across the organization globally. The main objective of the Security GRC team is to deliver best in class Security Governance, Risk and Compliance, services to ensure that Peloton operates in a risk mitigated, security managed environment and that Peloton’s security compliance objectives are being met. Their responsibilities span Peloton’s products and services and the internal applications, tools, and infrastructure that support them.


  • Working closely with the entire GRC team and stakeholders across the organization, this individual will be directly responsible for implementing, maintaining and improving internal controls to assure compliance with applicable regulatory and legal requirements. 
  • Drive risk analysis, operate controls, and help implement industry best practices for teams and technologies utilized across the organization. 
  • Responsible for executing internal Information Technology (IT) controls in support of regulatory and compliance frameworks for in-scope applications, operating systems and databases.
  • Partner effectively with Information Security, Product, Platform, Internal Audit, Legal, and other internal peers to support Peloton’s compliance with applicable legal, regulatory, and security frameworks.
  • Work closely with the Internal Audit Team to ensure alignment on timing, controls reliance, external audit reliance, etc.
  • Support the development of new testing automations through the GRC platform, or similar tool-sets, to automate the IT internal controls testing (i.e. SOX user access review controls, data analytics, etc.).
  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, CIS Controls, PCI-DSS, SOX 404, etc.


  • 4+ years of relevant internal audit and SOX experience, with a mix of private and public accounting experience preferred
  • Working knowledge of IT systems - SAP, WMS, ADP, Salesforce, Coupa, etc
  • Highly organized, motivated, and detail-oriented with the ability to work independently in a fast-paced environment 
  • Flexible and able to adapt quickly in a fast-moving environment
  • Excellent problem-solving skills and ability to manage competing priorities and deadlines
  • Strong degree of comfort working alongside, engaging and communicating with senior software engineering and business-side stakeholders
  • Experience developing, championing, and managing internal compliance programs.
  • One or more of the following certifications is preferred: CISA, CISM, CISSP



Peloton is the leading interactive fitness platform globally, with a passionate community of 7 million Members in the US, UK, Canada, Germany, and Australia. Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that motivate its Members to commit to their fitness journeys. An innovator at the nexus of fitness, technology, and media, Peloton reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, world-class streaming digital fitness and wellness content, and best-in-class fitness experts and Instructors.

At Peloton, we motivate the world to live better. “Together We Go Far” means that we are greater than the sum of our parts, stronger collectively when each one of us is at our best. By combining hardware, software, content, retail, apparel, manufacturing, Member support, and so much more, we deliver an exhilarating fitness experience that unlocks our members' greatness. Join our team to unlock yours.

Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email:  [email protected]

Peloton has a COVID-19 vaccination policy to safeguard the health and well-being of our employees and customers globally. All employees based in the U.S. and Canada are required to provide proof of vaccination, unless the employee has a Peloton-approved reasonable accommodation or as otherwise required by law.

Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an email address. 

If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.


Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.