Job description
About Dexcom
Dexcom empowers people to take control of diabetes through innovative continuous glucose monitoring (CGM) systems. Headquartered in San Diego, California, Dexcom has emerged as a leader of diabetes care technology.
We invite you to become a part of a fast-growing, purpose-driven team in our newly established business centre in Vilnius!
The IT Department is seeking a Cybersecurity Analyst on the GRC Information Security team to support information security compliance, certification, audit, and risk management activities. The Cybersecurity Analyst will coordinate certification, compliance, and audit activities, including evidence gathering, preparing control owners for interviews, and remediation of findings resulting from audits, risk assessments, penetration testing, vulnerability management and compliance/certification activities. The position will contribute to security control design, development, assessment, and testing. The Cybersecurity Analyst will help the organization track, mitigate, and prioritize security control gaps and vulnerabilities, determine effective risk mitigation strategies, and drive remediation activities using OneTrust’s GRC tool.
Essential Duties and Responsibilities:
- Confirm and assess severity, propose mitigations, and track remediation with control owners of findings resulting from penetration testing, vulnerability management and compliance/certification activities.
- Participate in and support certification, compliance, and audit activities.
- Gather evidence and remediate findings resulting from risk assessments, penetration testing, vulnerability management and compliance/certification activities; collaboratively establish risk treatment plans with stakeholders; and track and drive risk mitigation and remediation activities.
- Manage security policy exception requests where identified deficiencies cannot be remediated.
- Standards framework alignment and controls mappings (ISO 27001, FedRAMP, SOX, PCI, etc.).
- Manage and implement security risk assessments using OneTrust on new tools, applications, or systems.
- Produce risk and vulnerability management metrics and reports showing performance trends.
- Support InfoSec awareness training and anti-phishing activities.
Required Qualifications/Experience:
- Significant experience with information security processes, concepts, principles, and methodologies.
- Experience managing information security risk management programs, including performing risk assessments on new vendors/tools/systems, conducting self-assessments, creating and monitoring the effectiveness of security controls, and supporting third-party risk management activities from the InfoSec perspective.
- Experience in auditing principles and frameworks such as COSO, ISO 27001, SOC 2 Type 1/2, FedRAMP, CMMC, and/or NIST.
- Understanding of infosec frameworks and certifications such as NIST CSF, SOC 2 Type 1/2, ISO 27001, FedRAMP, CMMC, PCI DSS, and HIPAA.
- Expert in building effective relationships through rapport, trust, diplomacy, and tact.
- Expert in persuading and influencing others to achieve Infosec program objectives.
- Ability to translate complex information security topics and threats into easily understood terms that can be incorporated into business requirements.
- Expertise in managing user awareness, training programs, and phishing campaigns.
- Significant experience in security policy and standards development.
- Advanced collaboration skills and ability to produce desired results to achieve goals and objectives.
- Advanced organizational, planning and time management skills.
Please note:
The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons.
To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.
*The final offer will depend on your qualifications, competencies, and professional experience.