This job has expired.
Meet the team:
Dexcom's Governance, Risk and Control (GRC) team, part of its Information Security unit, is located either at San Diego HQ or remotely around the globe. Our backgrounds are rich in regulatory compliance, IT and security-related audits, risk assessments, and industry security and privacy certifications (e.g., ISO 27001, FedRAMP, CMMC, SOC2, HIPAA, GDPR, CCPA), exceptional project management prowess, and enterprise-wide GRC-related activities, such as policy development, security awareness training and communications, and phishing campaigns. With our various backgrounds and talents, we help the organization achieve favorable business outcomes while improving its security posture and reducing risk across the business. We're part of IT but are closely connected and partner with R&D, HR, Privacy, Facilities, and Legal & Compliance.
The Staff Technical Program Manager in Dexcom's Information Security (InfoSec) GRC unit will manage and support concurrent projects to achieve favorable business outcomes while improving the security posture and reducing risk across the business. You will apply your diverse skillset to the organization's GRC, InfoSec, and IT goals. If you excel at building and maintaining effective relationships across business units, are an accomplished communicator and driver for InfoSec interests, and can execute the art of influencing partners to achieve security, risk, and control program objectives, you may be the candidate we're looking for!
Where you come in:
• You will support the enterprise Infosec program by meeting Infosec objectives, developing and documenting program artifacts, tracking metrics and KPIs, and developing reports, communication plans and policies.
• You will serve on numerous cross-functional teams to drive successful outcomes, ensure compliance with all regulations and laws, and represent the Infosec team.
• You will work with diverse control and system owners to mitigate risks across the organization, collect control evidence and artifacts, and prepare them for the organization's security-related certifications, audits, and assessments.
• You will develop, implement, mature, and manage the organization's compliance for information security controls (e.g., ISO 27001, HIPAA, SOC 2, FedRAMP, CMMC, PCI).
• You will map, align, and educate others about the frameworks embedded in Dexcom's unified control framework.
• You will effectively communicate, document, and escalate projects and tasks (using OneTrust, ServiceNow, Smartsheets, etc.) as well as provide timely communications about the status of remediation efforts, control gaps, and noncompliance resolution to the team, management, and across partner units.
• You will provide written responses to questionnaires about Dexcom's IT and InfoSec security controls, policies, and compliance profile.
• You will support the planning, procuring, budgeting, and licensing activities of the InfoSec team.
What makes you successful:
• You must have an understanding of and experience with auditing principles, and experience auditing at least two of the following frameworks: COSO, ISO 27001, SOC2 Type1/2, FedRAMP, CMMC, HIPAA, PCI, or NIST.
• You must be an expert in building effective relationships through rapport, trust, diplomacy, and tact; advanced collaboration skills, and a proven track record of persuading and influencing others to achieve Infosec program objectives.
• You must have the ability to translate complex information security topics and threats into easily understood terms that can be incorporated into business requirements.
• You must have experience managing information security risk management programs, including performing risk assessments on new vendors/tools/systems, conducting self-assessments, creating and monitoring the effectiveness of security controls, and supporting third party risk management activities from the Infosec perspective.
• You must have advanced organizational, planning and time management abilities and exceptional verbal and written skills.
• Having significant experience with information security processes, concepts, principles, and methodologies.
• Having significant experience developing security policy, standards, and processes.
• Having experience and expertise in managing user awareness, training programs, and phishing campaigns.
• Having experience using OneTrust (setting up assessments, managing attributes, risks, and asset/vendor libraries), Smartsheets, and ServiceNow.
• You should have project or program management certification (PMP, etc.)
What you'll get:
• A front row seat to life changing CGM technology. Learn about our brave #dexcomwarriors community.
• A full and comprehensive benefits program.
• Growth opportunities on a global scale.
• Access to career development through in-house learning programs and/or qualified tuition reimbursement.
• An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.