Founded in 1999, Dexcom, Inc. provides continuous glucose monitoring technology to help patients and their clinicians better manage diabetes. Since our inception, we have focused on better outcomes for patients, caregivers, and clinicians by delivering solutions for people with diabetes - while empowering our community to take control of diabetes.
The Dexcom IT Department is expanding its cybersecurity program and onboarding a Senior Manager Cybersecurity to manage and lead an Operational Technology (OT) security team. The position will work closely with IT, Infosec and Manufacturing (Ops) leadership to establish an OT security program, build out the OT security team and supporting processes, services and technology stack, and supervise a team of OT specialists. This role will also provide direct support and serve as the cybersecurity lead on the IT MASCOT team, which will provide IT/OT systems to support the rapid scaling of Dexcom's manufacturing and automation capabilities.
The OT security team will be responsible for securing a hybrid IT/OT computing environment that directly supports Dexcom's manufacturing and operations functions across multiple manufacturing plants and facilities. The OT security function will design, implement, and manage OT security technology such as network/endpoint security, vulnerability scanning, and intrusion detection systems. The team will conduct security assessments, implement security controls, develop threat detection and response capabilities, conduct incident response and forensics activities, establish security policies and standards and supportaudit/compliance/certification activities.
Essential Duties and Responsibilities:
- Establishes and manages an OT security program consisting of goals, objectives, metrics, and reporting that is aligned to industry frameworks such as NIST CSF and IEC 62443.
- Manages, coaches, and develops staff, identifies, and manages technical learning activities, establishes team and individual performance goals and manages team performance.
- Evaluates, implements, and manages OT security services and systems.
- Performs risk management activities to ensure proper risk levels are achieved.
- Routinely assesses current OT security practices and recommends/implements improvements.
- Manages the OT threat detection and response program, maintains threat detection capabilities, responds to and reports on OT security incidents, investigates root causes and oversees the implementation of corrective actions and controls.
- Manages the OT vulnerability management systems, ensuring recurring scanning and reporting of system vulnerabilities, prioritizes remediation activities based on level of risk and ensures that remediation occurs within SLAs.
- Aligns practices, supports audits and ensures compliance with relevant laws and standards, including ISO 27001, AICPA SOC 2, and NIST CSF.
- Manages small to medium projects associated with OT security infrastructure and operations.
- Typically requires a Bachelor's degree with 13+ years of industry experience. 5-8 years of previous people management experience.
- Strong project management skills and ability to drive results across cross-functional teams.
- Practical understanding of program performance management, metrics, KPIs, and KRIs.
- Demonstrated success in collaborating with peers/partners or in teams without direct authority.
- Proficiency in communicating technical concepts both verbally and in written documentation.
- Experience managing, coaching, and developing cybersecurity engineers and analysts.
- Knowledge of securing manufacturing, OT, IOT and industrial control systems (ICS) environments, familiarity with the Purdue Model or ISA-95 model and related concepts.
- 2+ years of experience managing an OT security team.
- Experience managing security technologies including the following: network security, segmentation, firewalls, network access control (NAC), DMZs, endpoint security, patch management, application whitelisting, network and system hardening, intrusion detection and prevention systems, asset discovery and vulnerability management systems.
- Experience managing and securing Windows, Linux, and SCADA systems.
- Security certification such as CISSP, CISM, SANS/GIAC, GCIP, GICSP, GRID, etc.