Senior IT Compliance Analyst  

About Dexcom:
Dexcom, Inc. empowers people to take control of diabetes through innovative continuous glucose monitoring (CGM) systems. Headquartered in San Diego, California, Dexcom has emerged as a leader of diabetes care technology. By listening to the needs of users, caregivers, and providers, Dexcom simplifies and improves diabetes management around the world.

Summary:
Senior IT Compliance Analyst, will support the Dexcom IT Compliance team, in collection, review, and management of all evidence associated with and required by Security, Regulatory and Business compliance frameworks. Will lead all activities associated with the preparation and execution of Sarbannes-Oxley (SOX) audits; ISO 27001 Security Assessments and Payment Card Industry (PCI) self-assessments. Analyst will support and manage process improvement efforts in association with all compliance frameworks.

This position reports, functionally, to the Sr Manager, IT Compliance. The following is a brief description of responsibilities to be performed.

Essential Duties and Responsibilities:
- Manage IT Compliance requirements to support our needs as a distributed company. - - Triage and manage priorities of IT Compliance activities
- Collaborate with all functions of the company to ensure IT Compliance needs are addressed
- Provide Program-level reporting across teams outside of IT Compliance.
- Identify and maintain the requirements for the IT department to achieve compliance and privacy standards including SOX, PCI, ISO 27001 and other standards, while anticipating internal and external audit requirements.
- Coordinate evidence collection and support audits of internal computer systems processes and management.
- Keep abreast of changing regulatory requirements and appropriately adjust the scope of the IT Compliance program to accommodate these changes.
- Prioritize improvements and conduct compliance projects to reduce risk and improve regulatory compliance

Required Qualifications:
- 1-2 years of risk and compliance experience performing any of the following assessments: ISO 27001, PCI-DSS, SOX, GDPR, or HIPAA.
- Experience in managing policy exceptions, including working directly with the teams to document exceptions, and identify compensating controls and remediation action plans.
- Experience communicating effectively across business and technical boundaries in order to offer recommendations as an expert with best practices.
- Ability to work independently without detailed guidance.
- Proficiency in writing executive-level reports and technical documentation
- Able to effectively communicate with all levels of staff and management
- Detail oriented and organized; ability to multitask
- Knowledge and understanding of audit standards and practices, and control frameworks
- Proven experience with internal and external audits

Experience and Education Requirements:
- 3+ years direct experience in compliance, information security, IT audit, and/or risk management.
- Bachelor's degree or equivalent practical experience; BS in Computer Science, Information Security, or related field is preferred.
- Familiarity with security compliance frameworks, controls, and best practices: AICPA Trust Principles (SSAE 18 - SOC 2 and 3), ISO 27000 series, PCI DSS, SANS CIS Critical Security Controls, SOX, GDPR, CCPA, and regulations governing personally identifiable information (PII), or other regulatory compliance frameworks desired

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.