Sr IT Compliance Analyst

The Company

Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.

We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the team:
Senior IT Compliance Analyst, will support the Dexcom IT Compliance team, in collection, review, and management of all evidence associated with and required by Security, Regulatory and Business compliance frameworks. Will lead all activities associated with the preparation and execution of Sarbannes-Oxley (SOX) audits; ISO 27001 Security Assessments and Payment Card Industry (PCI) self-assessments. Analyst will support and manage process improvement efforts in association with all compliance frameworks.
 

This position reports, functionally, to the Sr Manager, IT Compliance.

Where you come in

• You will manage IT Compliance requirements to support our needs as a distributed company. Triage and manage priorities of IT Compliance activities

• You will collaborate with all functions of the company to ensure IT Compliance needs are addressed

• You will provide Program-level reporting across teams outside of IT Compliance.  

• You will identify and maintain the requirements for the IT department to achieve compliance and privacy standards including SOX, PCI, ISO 27001 and other standards, while anticipating internal and external audit requirements.

• You will coordinate evidence collection and support audits of internal computer systems processes and management.

• You keep abreast of changing regulatory requirements and appropriately adjust the scope of the IT Compliance program to accommodate these changes.

• You will prioritize improvements and conduct compliance projects to reduce risk and improve regulatory compliance

What makes you successful:

• Your 1-2 years of risk and compliance experience performing any of the following assessments: ISO 27001, PCI-DSS, SOX, GDPR, or HIPAA.

• Your experience in managing policy exceptions, including working directly with the teams to document exceptions, and identify compensating controls and remediation action plans.

• Your experience communicating effectively across business and technical boundaries in order to offer recommendations as an expert with best practices.

• Your ability to work independently without detailed guidance.

• Your proficiency in writing executive-level reports and technical documentation

• Your ability to effectively communicate with all levels of staff and management

• Your detail oriented and organized; ability to multitask

• Your knowledge and understanding of audit standards and practices, and control frameworks

• Your proven experience with internal and external audits

• Your 3+ years direct experience in compliance, information security, IT audit, and/or risk management.

• Your bachelor's degree or equivalent practical experience; BS in Computer Science, Information Security, or related field is preferred.

• Your familiarity with security compliance frameworks, controls, and best practices: AICPA Trust Principles (SSAE 18 - SOC 2 and 3), ISO 27000 series, PCI DSS, SANS CIS Critical Security Controls, SOX, GDPR, CCPA, and regulations governing personally identifiable information (PII), or other regulatory compliance frameworks desired

What you’ll get:

• A front row seat to life changing CGM technology. Learn about our brave #dexcomwarriors community.

• A full and comprehensive benefits program.

• Growth opportunities on a global scale.

• Access to career development through in-house learning programs and/or qualified tuition reimbursement.

• An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.

#LI-Hybrid

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.