3M

Director Third Party Cyber Risk Management


Pay: Competitive
Location: Remote
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: R01137439

      Job Description:

      Job Title

      Director of Third-Party Cyber Risk Management

      Collaborate with Innovative 3Mers Around the World

      Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a diversity of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

      This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

      The Impact You'll Make in this Role

      The Director of Third-Party Cyber Risk Management is responsible for both the strategic development and operational execution of the organization’s third-party cyber risk management program. This role ensures that all third-party relationships comply with regulatory requirements, align with corporate cyber policies, and meet the organization’s risk management standards. The Director will design and implement the third-party risk management framework while leading a team of professionals to assess, monitor, and mitigate risks associated with vendors, suppliers, and other third parties. Here, you will make an impact by:

      Program Development and Management:

      • Design and implement a comprehensive third-party cyber risk management program.
      • Develop and enforce policies and procedures for assessing and managing third-party risks.
      • Continuously improve the program based on evolving threats and regulatory requirements.

      Risk Assessment and Mitigation:

      • Conduct thorough risk assessments of third-party vendors, including initial due diligence and ongoing monitoring.
      • Identify potential vulnerabilities and recommend mitigation strategies.
      • Collaborate with third parties to address and remediate identified risks.

      Vendor Relationships:

      • Build and maintain strong relationships with key third-party vendors and partners.
      • Ensure that third-party contracts include appropriate cybersecurity requirements and standards.
      • Work with legal and procurement teams to negotiate cybersecurity terms in contracts.

      Incident Management:

      • Support the response to cyber incidents involving third-party vendors.

      Reporting and Communication:

      • Provide regular updates to senior management on the status of the third-party cyber risk management program.
      • Prepare and present reports on third-party risk assessments and mitigation efforts.
      • Communicate effectively with internal teams and third-party vendors regarding cyber risk expectations and requirements.

      Regulatory Compliance:

      • Ensure that the third-party cyber risk management program complies with relevant regulations and industry standards (e.g., GDPR, CCPA, NIST, ISO 27001).
      • Stay current on regulatory changes and update the program as needed.

      Your Skills and Expertise:

      To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

      • Bachelor’s degree or higher (completed and verified prior to start) from an accredited institution
      • Ten (10) years of experience in Cybersecurity in a private, public, government or military environment
      • Five (5) years of management and/or supervisory experience
      • CISSP certification

      Additional qualifications that could help you succeed even further in this role include:

      • Master’s degree in computer engineering, computer systems or information technology field from an accredited institution
      • Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on third-party risk management.
      • Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
      • Additional certifications such as SANS, ISACA (CGEIT, CISA, CISM, CRISC) and other technology certifications.
      • Excellent communication, negotiation, and relationship-building skills.
      • Ability to work collaboratively with internal teams and external vendors.

      Work location:

      • Work Your Way Eligible (Employee choice to work remote, on site, or hybrid)

      Travel: May include up to 5% domestic

      Relocation Assistance: N/A

      Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

      Supporting Your Well-being

      3M offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.

      Chat with Max

      For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on 3M.com/careers.

      Applicable to US Applicants Only: The expected compensation range for this position is $222,044 - $271,387, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/.

      Learn more about 3M’s creative solutions to the world’s problems at www.3M.com or on Twitter @3M.

      Responsibilities of this position include complying with corporate policies, procedures and security standards while performing assigned duties.

      Our approach to flexibility is called Work Your Way, which puts employees first and drives well-being in ways that enable 3M’s business and performance goals. You have flexibility in where and when work gets done. It all depends on where and when you can do your best work.

      Pay & Benefits Overview: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/

      3M is an equal opportunity employer. 3M will not discriminate against any applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status.

      Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.


  • About the company

      3M applies science and innovation to make a real impact by igniting progress and inspiring innovation in lives and communities across the globe.