Listing Description
ABOUT THE ROLE
Peloton is seeking a Senior Technical Program Manager (TPM) to drive program and project management for the Information Security (InfoSec) department. You will work with a variety of business and technical stakeholders, vendors, and internal teams, and be assigned to projects and programs as they arise and as your bandwidth permits.
InfoSec provides a targeted set of services, support, and capabilities to prevent cyber attacks from occurring, rapidly detect and contain them when they do, and render data useless were it to leak. The scope of InfoSec at Peloton is global, across all departments and technologies.
We’re looking to hire someone who possesses a high level of integrity and personal accountability, strong interpersonal skills, and information security domain expertise. The successful candidate will be a proactive team player with a bias for action who demonstrates great attention to detail. In this role, you will -
- Lead technical projects and operational programs from inception through closure
- Manage relationships with internal and external partners as well as within the InfoSec department
- Help InfoSec collaborate across Peloton to increase the security posture of our company
THING TO CONSIDER
- We’re a high-growth company, and our processes are in various states of maturity
- We regularly assess the state of the department, the business, and the company, and revisit what processes (and levels of process maturity) are needed for us to reach current and future objectives - you will play a large role in these decisions and changes for the projects and programs you support, and in the Information Security department
- We firmly believe in conducting retrospectives and driving managed, continuous, improvement - you will facilitate many of these and are expected to facilitate and participate in an open and constructive dialogue
- We’re doing a lot really fast - you may be asked to flex outside of your role from time to time. On the other hand, we believe in appropriate work/life balance, and you’ll be asked regularly to gauge your capacity against new efforts to prevent overloading.
YOUR DAILY IMPACT AT PELOTON
- Domain knowledge
- Identify scalable solutions to systemic security issues
- Possess expanded security technology depth
- Possess extensive partner technology and business knowledge
- Write security requirements, threat models, policies, and business and functional requirements and design documents for technical security/automation solutions
- Accurately analyze, identify, and triage security and business risks
- Provide balanced risk remediation recommendations and strategies
- Program governance
- Kick off and run programs and projects with full ownership, effective collaboration, and good process
- Measure program success and risks using data and facts
- Provide clear, accurate, consistent, and timely communications
- Are recognized as an influential and trusted partner because you are compassionate to the needs and situations of both partners and of InfoSec
- Advance Peloton’s Security IQ and culture
- Successfully manage multiple, simultaneous, complex, high-visibility efforts
- Build processes, templates, and structure, or leverage existing ones as appropriate, considering the cost vs benefit of change before implementing
- Antiracism and Inclusivity: Peloton has made a commitment to antiracism
- Contribute to creating a more inclusive culture and environment at Peloton
- Endorse, create, and maintain antiracist policies and processes
YOU BRING TO PELOTON
- Have 4+ years of experience
- Have a flexible (whether proactive or reactive, as the situation requires) approach to change
- Deliver outcomes and overcome obstacles constructively in order to move forward
- Consistently operate above the line
- Are forward-looking and thoughtful
- Are a strong listener with the ability to deeply understand, ask the right questions, and proactively pursue constructive feedback
- Are capable of staying on track and pursuing solutions without supervision
BONUS
- Experience using Smartsheet, Confluence, Jira, and/or GSuite - we don’t use Microsoft Office, Microsoft Outlook, or Microsoft Project here
- PSIRT or product vulnerability disclosure program experience
#LI-AW1
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided