3M Company
Director of Cyber and Technology Risk Oversight
3M Company, Maplewood, Minnesota, United States
The Director of Cyber and Technology Risk Oversight is a senior leadership position responsible for strategically managing and governing 3M’s cyber and technology risk environment. The role leads a team of cyber risk professionals and provides executive oversight to managed service providers that conduct cyber risk assessments, third‑party reviews and emerging technology risk analyses. Key responsibilities include setting the strategic vision, establishing risk tolerance thresholds and ensuring consistent execution of risk processes across the enterprise.
Responsibilities
Develop and implement a comprehensive cyber and technology risk management strategy aligned with organizational goals.
Set strategic vision and establish risk tolerance thresholds.
Provide oversight of the identification, assessment and prioritization of cyber and technology risks.
Direct the development and execution of risk mitigation plans.
Manage and mentor a team of cyber risk management professionals and foster a culture of risk awareness.
Ensure compliance with relevant industry standards, regulations and best practices through risk assessments.
Oversee the execution of risk processes consistently across the enterprise.
Provide executive oversight of managed service providers responsible for assessments and third‑party reviews.
Oversee operational risk functions, including cyber/IT risk registers and finding management.
Manage cyber risk components of M&A and divestiture activities.
Communicate risk management strategies and outcomes to executive leadership and stakeholders and prepare and present risk reports and dashboards.
Qualifications
Bachelor’s degree or higher (completed and verified prior to start).
Ten (10) years of experience in cybersecurity in a private, public, government, or military environment.
Five (5) years of management and/or supervisory experience.
CISSP certification.
Master’s degree in computer engineering, computer systems or information technology from an accredited institution (additional qualification).
One of the following certifications: SANS OR ISACA CGEIT, CISA, CISM, ISO 31000 CRISC, ISO 27001 Lead Auditor.
Excellent communication, negotiation and relationship‑building skills.
Strong analytical and problem‑solving skills.
Ability to work collaboratively with internal teams and external vendors.
Deep understanding of cyber risk frameworks and methodologies (NIST CSF/RMF, ISO 27001/27005, COBIT, etc.).
Experience overseeing third‑party cyber risk processes.
Familiarity with GRC tools and risk tracking platforms (e.g., ServiceNow, Archer, OneTrust).
Experience working with managed service providers or co‑sourced risk execution models.
Strong leadership presence and communication skills across technical and business stakeholders.
Location & Work Arrangement
Remote – This position permits remote work for candidates located more than 50 miles from 3M Global Headquarters in St. Paul, MN. Employees located within a commutable distance to 3M Global Headquarters must work on‑site at least four days per week. Candidates in Minneapolis or Austin must work on‑site at least four days a week.
Travel
Up to 15% travel.
Compensation
Expected compensation range: $228,040 – $278,715, which includes base pay plus variable incentive pay, if eligible. Benefits include medical, dental, vision, health savings accounts, dependent care flexible spending accounts, disability benefits, life insurance, voluntary benefits, paid absences and retirement benefits.
Benefits Overview
3M offers many programs to support employees’ well‑being and competitive pay and benefits. Benefits details are available through 3M’s benefits portal.
EEO Statement
3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law. 3M provides equal opportunity and affirmative action for all employees and applicants.