Sr Staff Technical Program Manager

Dexcom, San Diego, CA (Remote)

About The Position

The Company

Dexcom Corporation (NASDAQ: DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: to forever change how diabetes is managed, and to unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges, to continue what we've started: improving human health. We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the team

Dexcom's Governance, Risk, and Compliance (GRC) team sits at the intersection of security, technology, and business, ensuring we meet and exceed regulatory, customer, and internal control expectations across a rapidly evolving landscape. As a Senior Staff Technical Program Manager, you will be a key strategic partner to Security and GRC leadership, shaping how we design, implement, and scale our security and compliance programs across the organization.
In this role, you will apply your diverse skillset to the organization's GRC, InfoSec, and IT goals and own the "how" behind our most critical security and compliance initiatives: driving cross-functional alignment, orchestrating complex multi-framework programs (e.g., ISO 27001, NIST, HIPAA, GDPR, CCPA, PCI, SOC 2, etc.), and building the operating mechanisms that allow us to maintain a strong security posture while enabling fast-paced innovation. You will lead security and compliance initiatives that directly impact customer trust, market access, and regulatory readiness. You will partner with senior security, technology, and business leaders, using data, narratives, and roadmaps to influence how the company manages security, risk, and compliance, while mentoring other program managers and helping to mature our GRC function into a world-class capability.

Requirements

  • You must have experience in security, compliance, or technical program management roles, with at least several years focused on GRC or security compliance programs.
  • You must have a proven track record leading enterprise-grade implementations of multiple frameworks such as ISO 27001, SOC 2, NIST CSF/800-53/800-171, PCI, or similar.
  • You must have experience driving an organization through ISO 27001:2022 certification and subsequent surveillance/recertification audits (or equivalent complex audits).
  • You must have a deep understanding of risk management practices, including risk assessment methodologies, control design, remediation planning, and reporting to senior stakeholders.
  • You must have exceptional technical fluency in security controls, modern cloud and SaaS architecture, and common enterprise technologies, enabling credible conversations with engineers and architects.
  • You must have a proven track record of exceptional program management skills: roadmap development, dependency management, stakeholder alignment, issue/risk management, and executive communication.
  • You have experience in both implementing and operating GRC tools/platforms and automating evidence collection, control monitoring, and workflow orchestration.
  • You must have excellent written and verbal communication skills, including the ability to create compelling executive narratives, decision documents, and status reports.
  • You operate autonomously and must thrive in ambiguous, fast-paced environments, prioritize competing demands, and drive outcomes across multiple parallel initiatives.
  • Typically requires a Bachelor’s degree in a technical discipline, and a minimum of 13+ years related experience or a Master’s degree and 8+ years equivalent industry experience or a PhD and 5+ years of experience.
  • Professional certifications such as CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Lead Auditor, or comparable credentials are preferred.

Nice To Haves

  • Master’s degree in information security, computer science, engineering, business, or a related field, or equivalent experience.
  • Experience with ITIL, COBIT, or similar IT governance and service management frameworks.
  • Background in high-growth technology, SaaS, AI, or cloud service environments with demanding customer and regulatory requirements.

Responsibilities

  • You will lead end-to-end planning and execution of complex, multi-year GRC programs across frameworks such as ISO 27001/27701, SOC 2, NIST CSF/800-53/800-171, PCI, and other relevant standards.
  • You will architect and maintain a unified control framework that maps requirements across multiple regulations and standards, enabling scalable, reusable control implementation.
  • You will own the roadmap and operating cadence for key GRC initiatives, including certification cycles, SME and Lead assurance efforts, risk management, and audit readiness.
  • You will drive cross-functional alignment among IT, InfoSec, R&D, Legal, Privacy, HR, Facilities and Security business stakeholders.
  • You will ensure that controls are embedded into systems, processes, and services; that risks are mitigated; and that compliance evidence and artifacts are collected and mapped to controls. You will also prepare SMEs/Leads for audits and assessments.
  • You will lead and provide oversight for internal and external audit planning, evidence collection, walkthroughs, interviews, remediation tracking, corrective action, and continuous improvement activities.
  • You will design and improve processes for risk identification, assessment, treatment, and reporting, including risk review facilitation and executive-level risk dashboards.
  • You will define and monitor meaningful KPIs for security and compliance programs; communicate status, risks, and trade-offs to senior leadership in a clear, data-driven way.
  • You will lead process improvement and automation initiatives that reduce manual effort in evidence collection, control monitoring, and reporting, leveraging GRC tooling, AI, and workflow automation.
  • You will lead, mentor, and coach other program and project managers on the GRC team, helping to uplift delivery practices and execution quality across the organization.

Benefits

  • A front row seat to life changing CGM technology.
  • Learn about our brave #dexcomwarriors community.
  • A full and comprehensive benefits program.
  • Growth opportunities on a global scale.
  • Access to career development through in-house learning programs and/or qualified tuition reimbursement.
  • An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.