Dir., Cybersecurity Governance, Risk, and Compliance

San Diego, California, United States

Tandem Diabetes Care

Simplify diabetes management with insulin pumps and other innovative products and services from Tandem Diabetes Care.


GROW WITH US:

Tandem Diabetes Care creates new possibilities for people living with diabetes, their loved ones, and their healthcare providers through a positively different experience. We’d love for you to team up with us to “innovate every day,” put “people first,” and take the “no-shortcuts” approach that has propelled us to become a leader in the diabetes technology industry.

STAY AWESOME:

Tandem Diabetes Care is proud to manufacture and sell the Tandem Mobi system and t:slim X2 insulin pump with Control-IQ technology — an advanced predictive algorithm that automates insulin delivery. But we’re so much more than that. Our company’s human-centered approach to design, development, and support delivers innovative products and services for people who use insulin. Because many of our own team members live with type 1 diabetes, or have a loved one impacted by diabetes, the work is personal, and we are committed to the cause. Learn more at https://www.tandemdiabetes.com/

A DAY IN THE LIFE:

The Director, Cybersecurity Governance, Risk, and Compliance (GRC) is a leadership role within the cybersecurity organization, responsible for establishing and maintaining the enterprise cybersecurity GRC program. This role ensures that the organization's cybersecurity practices are aligned with business objectives, compliant with applicable laws and regulations, and resilient against evolving cyber threats. The Director will lead a team of GRC professionals and collaborate closely with stakeholders across the organization to develop, implement, and monitor cybersecurity policies, standards, and procedures. This role is also responsible for the enterprise cybersecurity risk management program, cybersecurity awareness and training programs, and driving the organization towards achieving relevant cybersecurity certifications.

YOU’RE AWESOME AT:

  • Develop, implement, and oversee the enterprise cybersecurity GRC strategy and roadmap, aligning it with the overall business strategy and risk appetite.
  • Establish and maintain a comprehensive cybersecurity governance framework, including policies, standards, procedures, and guidelines, ensuring they are communicated effectively across the organization.
  • Lead the development and execution of the enterprise cybersecurity risk management program, including risk identification, assessment, mitigation, monitoring, and reporting. Identify and manage information security risks through comprehensive risk assessment methodologies, industry frameworks, and compliance requirements.
  • Implement risk mitigation strategies and controls, collaborating with relevant teams to ensure effective risk reduction.
  • Ensure compliance with relevant internal cybersecurity policies and external laws, regulations, and industry standards applicable to medical device manufacturers, such as FDA cybersecurity guidance, HIPAA, GDPR, ISO 27001, NIST Cybersecurity Framework, and others as required.
  • Oversee internal and external cybersecurity audits and assessments, manage remediation efforts, and report on compliance status to executive leadership.
  • Lead the development and management of the cybersecurity third-party risk management program.
  • Develop and deliver a comprehensive cybersecurity awareness and training program to educate employees on cybersecurity risks, policies, and best practices.
  • Lead the organization's efforts to achieve and maintain relevant cybersecurity certifications, such as ISO 27001, HITRUST, or SOC 2.
  • Provide GRC expertise and support during cybersecurity incident response activities.

EXTRA AWESOME:

  • Bachelor's degree (Master's preferred) in Cybersecurity, Information Technology, Computer Science, or a related field.
  • Professional certifications, such as CISSP, CISM, CISA, CRISC, or equivalent.
  • Additional relevant certifications (e.g., ISO 27001 Lead Auditor, HITRUST CCSFP).
  • 10+ years of experience in cybersecurity, with at least 5+ years in a GRC leadership role.
  • Experience in the medical device or healthcare industry is highly desirable.
  • Experience with GRC tools and technologies.
  • Experience presenting to executive leadership and boards of directors.
  • Knowledge of medical device security and regulatory requirements.
  • Deep understanding of cybersecurity GRC principles, frameworks, and best practices.
  • Strong knowledge of relevant laws, regulations, and industry standards (e.g., FDA cybersecurity guidance, HIPAA, GDPR, ISO 27001, NIST Cybersecurity Framework).
  • Proven experience in developing and implementing cybersecurity policies, standards, and procedures.
  • Expertise in cybersecurity risk management methodologies and tools.
  • Experience in managing internal and external cybersecurity audits.
  • Excellent leadership, communication, and interpersonal skills.
  • Ability to translate complex cybersecurity concepts into business terms.


WHAT’S IN IT FOR YOU?

In addition to innovative technology, we have a culture that fosters the idea that the happiest people are the most productive people. Not only do we hire forward-thinking achievers to join our workforce; we reward, develop, and retain them too. Just one of the many reasons we #StayAwesome! To learn more about our culture and benefits please visit https://www.tandemdiabetes.com/careers.

BE YOU, WITH US!

We are firmly committed to being an equal opportunity employer and maintaining a diverse and inclusive environment. We value and embrace that every single one of us brings value to the table. But sometimes we forget that when we don’t meet 100% of a job description’s criteria – maybe you’re feeling that way right now? We encourage you to apply anyway. Because we want you to be you, with us.

COMPENSATION & BENEFITS:

The starting base pay range for this position is $185,000 - $225,000 annually. Base pay will vary based on job-related knowledge, skills, experience and may also fluctuate depending on candidate’s location and the overall job market. In addition to base pay, Tandem offers a competitive compensation package that includes bonus, equity, and a robust benefits package.

Tandem offers health care benefits such as medical, dental, and vision available your first day, as well as health savings accounts and flexible spending accounts. You’ll also receive 11 paid holidays per year and unlimited PTO, and you will have access to a 401k plan with company match as well as an Employee Stock Purchase plan. Learn more about Tandem’s benefits at https://www.tandemdiabetes.com/careers.

WHY YOU’LL LOVE WORKING HERE:

At Tandem, we believe joy fuels excellence. That's why we've built a workplace that celebrates your achievements and supports your well-being. Our team thrives on pushing boundaries and fostering growth, all while maintaining a spirit of fun and camaraderie. This is just one of the ways we stay awesome! Explore the benefits and reasons to love Tandem at https://www.tandemdiabetes.com/careers. Make a move that matters. Join Tandem Diabetes Care, where we're turning challenges into triumphs every day and where your talents will help shape a healthier, happier tomorrow.

YOU SHOULD KNOW:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable state and local Fair Chance laws and regulations. A conditional offer of employment from Tandem is contingent upon successful completion of a thorough screening process comprised of a drug test (excluding Marijuana) and background check, which includes a review of criminal history information, to ensure our team continues to be a safe and innovative environment for all.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

The position will be posted until a final candidate is selected for the requisition or the requisition has a sufficient number of applications.

REFERRALS:

We love a good referral! If you know someone who would be a great fit for this position, please share!

If you are applying for this job and live in California, please read Tandem’s CCPA Notice: https://www.tandemdiabetes.com/careers/california-consumer-privacy-act-notice-for-job-applicants.
