GRC Technical Program Manager
Dexcom, Inc

San Diego, California

This job has expired.


Meet the team:
Dexcom's Governance, Risk and Control (GRC) team, part of its Information Security unit, is located either at the San Diego HQ or remotely around the globe. Our backgrounds are rich in regulatory compliance, IT and security-related audits, risk assessments, and industry security and privacy certifications (e.g., ISO 27001, FedRAMP, CMMC, SOC2, HIPAA, GDPR, CCPA, etc.), exceptional project management prowess, and enterprise-wide GRC-related activities, such as policy development, security awareness training and communications, and phishing campaigns. With our various backgrounds and talents, we help the organization achieve favorable business outcomes while improving its security posture and reducing risk across the business. We're part of IT but are closely connected and partner with R&D, HR, Privacy, Facilities, and Legal & Compliance.

The Staff Technical Program Manager in Dexcom's Information Security (InfoSec) GRC unit will manage and support concurrent projects to achieve favorable business outcomes while improving the security posture and reducing risk across the business. You will apply your diverse skillset to the organization's GRC, InfoSec, and IT goals. If you excel at building and maintaining effective relationships across business units, are an accomplished communicator and driver for InfoSec interests, and can execute the art of influencing partners to achieve security, risk, and control program objectives, you may be the candidate we're looking for!

Where you come in:
• You will support the enterprise Infosec program by meeting Infosec objectives, developing and documenting program artifacts, tracking metrics and KPIs, and developing reports, communication plans and policies.
• You will serve on numerous cross-functional teams to drive successful outcomes, ensure compliance with all regulations and laws, and represent the Infosec team.
• You will work with diverse control and system owners to mitigate risks across the organization, collect control evidence and artifacts, and prepare them for the organization's security-related certifications, audits, and assessments.
• You will develop, implement, mature, and manage the organization's compliance for information security controls (e.g., ISO 27001, SOC 2, FedRAMP, CMMC, HIPAA, PCI, etc.).
• You will map, align, and educate others about the frameworks embedded in Dexcom's unified control framework.
• You will effectively communicate, document, and escalate projects and tasks (using OneTrust, ServiceNow, Smartsheets, etc.) as well as provide timely communications about the status of remediation efforts, control gaps, and noncompliance resolution to the team, management, and across partner units.
• You will provide written responses to questionnaires about Dexcom's IT and InfoSec security controls, policies, and compliance profile.
• You will support the planning, procuring, budgeting, and licensing activities of the InfoSec team.

What makes you successful:
• You must have an understanding of and experience in auditing principles, and experience auditing at least two of the following frameworks: COSO, ISO 27001, SOC2 Type1/2, FedRAMP, CMMC, HIPAA, PCI, or NIST.
• You must be an expert in building effective relationships through rapport, trust, diplomacy, and tact; advanced collaboration skills, and a proven track record of persuading and influencing others to achieve Infosec program objectives.
• You must have the ability to translate complex information security topics and threats into easily understood terms that can be incorporated into business requirements.
• You must have experience managing information security risk management programs, including performing risk assessments on new vendors/tools/systems, conducting self-assessments, creating and monitoring the effectiveness of security controls, and supporting third-party risk management activities from the Infosec perspective.
• You must have advanced organizational, planning and time management abilities and exceptional verbal and written skills.
• Having significant experience with information security processes, concepts, principles, and methodologies.
• Having significant experience developing security policy, standards, and processes.
• Having experience and expertise in managing user awareness, training programs, and phishing campaigns.
• Having experience using OneTrust (setting up assessments, managing attributes, risks, and asset/vendor libraries), Smartsheets, and ServiceNow.
• You should have project or program management certification (PMP, etc.)

What you'll get:
• A front row seat to life changing CGM technology. Learn about our brave #dexcomwarriors community.
• A full and comprehensive benefits program.
• Growth opportunities on a global scale.
• Access to career development through in-house learning programs and/or qualified tuition reimbursement.
• An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.


Experience and Education

  • Typically requires a Bachelor's degree in a technical discipline, and a minimum of 8-12 years related experience or Master's degree and 5-7 years equivalent industry experience or a PhD and 2-4 years of experience.

Please note: The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom's AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com.

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com.

View the OFCCP's Pay Transparency Non Discrimination Provision at this link.

UnitedHealthcare creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided: https://transparency-in-coverage.uhc.com/.

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.

