What you'll be doing:
The Director, Cyber Security will establish a world-class information security capability at a growing company. The Director is a member of a successful and forward-looking IT leadership team that is central to propelling Tandem into the next phase of growth by leveraging data, analytics and data science. This role will create and lead the implementation of a contemporary and robust information security program at a rapidly growing company. This leader is responsible for establishing and maintaining the enterprise vision, strategy, architecture, and a multi-year roadmap that ensures the company's information assets are adequately protected. A key element of this role is communicating security at a strategic level to executive management, the Audit and Compliance Board, and the Board of Directors and evangelizing security across the business to drive adoption of security best practices. The Director, Cyber Security will manage a small team of dedicated resources and a larger team of matrixed resources, with the charter to instill a fanatical security-first approach.
Who we are:
Here at Tandem, Diabetes is all we do and we are dedicated to making the lives of people with diabetes better and better, through relentless innovation. In Tandem means together, and we strive to embody that in every aspect of our business. We believe that working in tandem, not in isolation, is the best way to continually exceed expectations.
We've been named one of the fastest growing insulin pump companies in the U.S.! Why? Designed, assembled and supported from our San Diego, CA headquarters, Tandem has created the simple-to-use t:slim X2 Insulin Pump, which is the smallest pump available, the only color touch-screen insulin pump capable of remote feature updates, and the first CGM-enabled pump approved to let users make treatment decisions without pricking their finger.
Read more about our company & culture here: and see what our customers are saying here: #tsliminthewild
What you need for this position:
PRIMARY DUTIES & RESPONSIBILITIES:
Develops and implements a strategic, long-term information security strategy and roadmap to ensure that Tandem's information assets are adequately monitored and protected.
Works with senior leaders across the business to assess and communicate acceptable levels of risk.
Identifies, evaluates and reports on information security risks, practices and projects to the Executive Committee and the Board of Directors, and provides subject matter expertise on security standards and best practices (e.g. HIPAA, GDPR, CCPA, SOX, PCI, etc.).
Develops, mentors, and manages a high performing staff of information security professionals.
Initiates and chairs the information security steering committee.
Develops Tandem's understanding of security beyond a compliance-only view.
Leads the development of up-to-date information security governance, policies, procedures, standards and guidelines, and oversees their approval, dissemination, and maintenance.
Ensures that the security management program is in compliance with applicable laws, regulations, and contractual requirements.
Acts as the champion for the enterprise information security program and fosters a security-aware culture.
Oversees the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
Partners with enterprise architects, infrastructure, product and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
Manages regular intrusion detection and vulnerability reporting, internal and external IT audit group reviews, and the coordination of all required fixes.
Develops business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.
Monitors the industry and external environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
Liaises with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
Oversees incident response planning and the investigation of security breaches, and assists with any associated disciplinary, public relations and legal matters.
Oversees and leads the creation, communication and implementation of a process for managing data loss, fraud, vendor risk and other third-party risk.
Leads due diligence and post integration activities related to information security for all M&A activity.
Supports the short-term planning for the department including headcount, budgeting, training, and systems requirements.
Ensures department staff is properly trained, per designated training plan, before assuming job responsibilities.
Develops and manages schedules and performance requirements of staff.
Ensures compliance with company policies, including Privacy/HIPAA, and other legal and regulatory requirements.
Other responsibilities as assigned.
KNOWLEDGE, SKILLS & ABILITIES:
A proven track record in developing information security policies, procedures, training programs, and successful execution.
Extensive knowledge of business risk, risk assessment and risk-based decision making.
Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including board level.
A natural influencer and coalition builder; passionate about building high performing teams.
Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader, problem solver and consultant.
Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
Excellent written and verbal communication, interpersonal and collaborative skills.
Experienced with contract and vendor negotiations.
Ability to effectively prioritize and execute tasks in high-pressure situations.
Knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, CIS and ITIL.
Understanding of cloud, SaaS, and IoT architectures, and their implications on information security strategy.
Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next gen mobile, network architecture, enterprise architecture, and directory services.
Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defenses, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, multi factor authentication.
MINIMUM CERTIFICATIONS/EDUCATIONAL LEVEL:
BS in computer science, engineering, or a related field; (graduate degree preferr