Director Product Security Operations (Remote)
Dexcom, Inc

Chicago, Illinois

Posted in Manufacturing and Production


This job has expired.

Job Info


About Dexcom

Founded in 1999, Dexcom, Inc. (NASDAQ: DXCM), develops and markets Continuous Glucose Monitoring (CGM) systems for ambulatory use by people with diabetes and by healthcare providers for the treatment of people with diabetes. The company is the leader in transforming diabetes care and management by providing CGM technology to help patients and healthcare professionals better manage diabetes. Since the company's inception, Dexcom has focused on better outcomes for patients, caregivers, and clinicians by delivering solutions that are best in class - while empowering the community to take control of diabetes. Dexcom reported expected full-year 2021 revenues of $2.48B, a growth of 27% over 2020. Headquartered in San Diego, California, with additional offices in the Americas, Europe, and Asia Pacific, the company employs over 6,000 people worldwide.

About the Dexcom Product Security Center of Excellence:

Recently formed, the New Markets organization is an expanding, fully-dedicated team focused on creating significant value by driving Dexcom's world-class continuous glucose monitoring (CGM) technology into new applications, such as non-intensive type 2 diabetes, prediabetes, the hospital and managed care facilities, and pregnancy (including gestational diabetes). These important initiatives are entrepreneurial by nature, as they may require novel go-to-market strategies and new technologies. Each member of this team will play a critical role in helping the New Markets organization first explore then realize the significant potential that exists within these exciting new opportunities.

Position Summary:

As a Sr. Leader of the Product Security Team, the Director of Product Security Operations will be leading the Product Security SOC (Security Operations Center), The PSIRT (Product Security Incident Response Team), & The Product Security Governance & Standards Compliance Team which are all part of the Product Security Center of Excellence. The Director of Product Security Operations is responsible for Post Market Product Security and will lead and execute efforts to strengthen and expand the product security operations across Dexcom's product lines and portfolio.

The role will serve as a key member of the product security leadership team, and as an expert advisor to the VP of Product Security Engineering. The candidate will lead the development, implementation, and administration of our product security framework post market ensuring that best practice objectives are achieved for product and data integrity, availability and confidentiality. This role is responsible for the security of all products that have been released to our customers as well as the security of the cloud infrastructure that they run on.

You have an unshakeable foundation in the technical aspects of security, engineering, defect exploitation, and are solution oriented to secure with a bias for action. You are an effective communicator with technical and non-technical people alike and are quickly able to establish credibility and trust. You are comfortable leading and guiding at all levels necessary to achieve objectives. You demonstrate excellent judgement in prioritizing security efforts that mitigate and reduce the appropriate risks. You are driven towards forward progression.

You understand the need to maintain active partnerships and alliances with your business counterparts in order to keep lock-stepped with business direction and prepare the way for successful security integration and alignment with business objectives. You understand when something is not meeting security expectations and act with a sense of urgency and service in order achieve security objectives without sacrificing business objectives. You embrace change and know how to measure success. You believe that security is everyone's responsibility and recognize opportunities for shift-left principles and managing the balance of scalability with centralized efforts.

You will be responsible for orchestrating all the necessary dynamics and processes to make sure your organization successfully links their efforts to the overall security strategy, operating in the most adaptively efficient way possible and is capable of scaling ahead of the demand. You maintain an understanding of where we are, create strategies of where we need to go, drive execution to get there, and can report out on the progress at all levels.

Essential Duties and Responsibilities:

  • The Director of Product Security Operations will lead the following teams; (PSIRT)Incident Response, SOC(Security Operations Center), Governance, & Standards Compliance.
  • Expand, Improve and Lead the Post Market Product Security Team and build it into a world class global product security organization
  • Effectively collaborate with all Dexcom teams with direct accountability to build and oversee the post market cybersecurity strategy, vision, and roadmap with a relentless focus on balancing security with simplification
  • Effectively communicates with and influences key stakeholders across the enterprise, at all levels of the organization

Required Qualifications:
  • 5 or more years of successful experience as a Sr. Manager or Director of Security.
  • Strong management skills with the ability to build and lead cohesive and productive teams.
  • Strong interpersonal skills with the ability to communicate with all levels of management through diplomacy and tact.
  • Excellent oral and written communication skills.
  • International travel required approximately 25%
  • Deep technical expertise and thought leadership to design, implement and accelerate the adoption of the best security operations practices
  • Ensure the R&D department maintains knowledge of security industry innovations, trends, and best practices
  • Role models and mentors, helping to coach and strengthen the security team skills and delivery
  • Seamlessly switch from driving deep into technology with engineers to driving high-level, strategic discussions with non-technical leaders.
  • Someone who loves security and who works stay aware of new threats and advances in security. Not afraid to question the existing way if a better way exists.
  • Must display a keen sense of business value proposition and have the ability to properly prioritize and re-prioritize based on the current threat and risk landscape
  • Must have and experience and expertise in securing public cloud infrastructure
  • Must thrive in working in a fast-paced environment, and challenging the status quo when needed to ensure that our products and infrastructure stay safe
  • Experience leading security operations teams and incident response teams
  • The (PSIRT) team drives product security incident response by leading identification and response to internally and externally discovered product security vulnerabilities, including technical analysis, driving remediation by product teams, and publishing security advisories as needed to communicate mitigation instructions to customers
  • The SOC teams are spread across the globe and operates 24/7 so experience leading building and leading distributed SOC teams is key. Broad experience with cloud security tools and services needed to monitor, protect and defend public cloud infrastructure 24/7 is also important
  • Requires strong security experience, excellent communication skills, and mature leadership and management abilities
  • Responsible for guiding the improvement of the program over time, through implementing and refining processes, procedures, tools, and guidelines
  • Assessing the initial impact of security vulnerabilities to the organization's product portfolio
  • Offering leadership and guidance regarding vulnerability response and potential risk to the business
  • Expert at communicating with stakeholders, both internal and external, including 3rd party upstream and downstream partners
  • Generating and presenting useful recurring metrics to report on SOC/PSIRT/Standards Compliance status
  • Engaging with the PSIRT community through FIRST.org SIGs, MITRE CVE Program, and other relevant community partners
  • Assigning and populating CVEs, CVSS scoring, etc. as needed and working to ensure vulnerabilities are remediated within their SLAs
  • Evangelizing Coordinated Vulnerability Disclosure (CVD), negotiating with suppliers and security researchers, and publishing communication of a fix or mitigation via Security Advisories
  • Monitoring and proactively engaging with various external sources for security vulnerabilities
  • Partnering with our Education, Awareness, and Training function to provide ongoing training and support of development teams in the areas of tools, responsiveness, and processes
  • Developing and maintaining documentation on PSIRT processes and practices
  • Self-Lead and Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills
  • Teamwork, leading and following, including the ability to drive projects and initiatives in multiple departments
  • Sense of urgency - the ability to priority what really matters for the business and for your team amongst different competing priorities
  • Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
  • The ability to be an enterprise security subject matter expert who can explain technical topics to those without a technical background
  • Must have and experience and expertise in securing public cloud infrastructure
  • Experience operating custom PKI solution and HSMs
  • Experienced with US and Global Security Standards and Regulations related to Secure Software Development, Cloud Security and Product Security

Preferred Qualifications:
  • 7 successive years as a security manager and director
  • Experience in supply chain security
  • Partnering with our Education, Awareness, and Training function to provide ongoing training and support of development teams in the areas of tools, responsiveness, and processes
  • Experience leading global governance, standards and compliance efforts since the medical industry Dexcom is in is highly regulated.
  • Experience with running a bug bounty program and interfacing with the external security community will be an added plus
  • Experience in the Medical Industry

Experience and Education Requirements:
  • Bachelor's Degree in CyberSecurity or relevant subject OR equivalent certifications and experience
  • 5+ years cybersecurity management experience
  • 7+ years total cybersecurity experience
  • 2+ years product security experience

Travel Required:

10-25%

Functional Description

Manages the product security team responsible for the development and implementation of security specifications for new products (including systems, applications and/or other solutions) and enhancements to existing products. Determines the technical guidelines and features of the security architecture framework in product development. Identifies areas of security risk and makes recommendations to reduce those risks. Directs the activities of the cybersecurity function across product engineering groups. Evaluates product security strategies and requirements, identifies integration issues and prepares cost estimates. Oversees the analysis of product security engineering tasks and prepares security specifications and recommendations. Works with project managers, marketing, sales, and users to define product security requirements and identify necessary modifications. Selects, develops and evaluates personnel to ensure the efficient operation of the function.

Functional/Business Knowledge

  • Viewed as a subject matter expert within specific area.
  • Reviews objectives to determine success of operation. Involved in developing, modifying and executing company policies that affect immediate operations and may also have company-wide effect.
  • Understands relevant business strategies and impact on the functional area.

Scope

  • Participates in establishing strategic plans and objectives.
  • Provides high-level guidance and support to employees and other managers.
  • Regularly interacts with executives and/or external parties on matters effecting the function.
  • Oversees policies and procedures for immediate function.
  • Recognized as a functional leader within the organization.

Judgement

  • Works on abstract issues where analysis of situations or data requires an in-depth knowledge of the company.
  • Participates in corporate development of methods, techniques and evaluation criteria for projects, programs, and people.
  • Erroneous decisions will have a serious impact on the overall success of functional or company operations.

Management

  • Able to operate in complex global environment.
  • Manages the activities of a functional area and/or external service providers.
  • People management responsibilities include hiring / terminations, performance reviews, career development coaching and compensation decisions.

Experience and Education

  • Typically requires a Bachelors degree with 15+ years of industry experience.
  • 9+ years of successful management experience in relevant industry.
  • 7+ years total cybersecurity experience
  • 2+ years product security experience

#LI-BA1

#LI-Remote

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom's AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com.

View the OFCCP's Pay Transparency Non Discrimination Provision at this link. UnitedHealthcare creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided: https://transparency-in-coverage.uhc.com/.

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.


This job has expired.

More Manufacturing and Production jobs


Invenergy LLC
Denver, Colorado
Posted about 2 hours ago

Celgard, LLC
Charlotte, North Carolina
Posted about 1 hour ago

DuBois Chemicals
Sharonville, Ohio
Posted 35 minutes ago

Get Hired Faster

Subscribe to job alerts and upload your resume!

*By registering with our site, you agree to our
Terms and Privacy Policy.