3M Director IT/Cyber Policy & Governance Management 

United States, Minnesota 

634122239

Job Description:

Director IT/Cyber Policy & Governance Management

The Impact You’ll Make in this Role

The Director of IT/Cyber Policy & Governance Management is responsible for both the strategic development and operational execution of the organization’s IT/Cyber Policy & Governance Management Program. The Director of IT/Cyber Policy & Governance Management provides strategic leadership over the creation, implementation, and oversight of IT policies and governance frameworks. that the IT Policy Group is responsible for. This role ensures IT policies are aligned with business objectives, regulatory requirements, and best practices for IT governance. A critical aspect of this role includes managing the policy exceptions process, ensuring all deviations from standard policies are documented, reviewed, and approved in a controlled manner and support the negotiation of client and supplier contracts to ensure adherence to 3Ms cybersecurity requirement. This role will lead Client Inquiry Process for Cybersecurity Requirements the contracting process Here, you will make an impact by:

Program Development and Management:

• Policy Development and Implementation:
  • Develop, review, and update IT/Cyber policies, standards, and procedures to ensure they align with industry standards and organizational goals.
  • Ensure that IT policies are well-documented, communicated, and enforced across the organization.
  • Ensure all cybersecurity policies align with industry regulations (e.g., GDPR, ISO 27001, SOC 2, PCI-DSS), frameworks (e.g., NIST CSF, COBIT), and best practices.
  • Collaborate with key stakeholders across IT, legal, HR, and business units to ensure policies meet business needs and regulatory requirements and address new policy creation through an IT Policy Board.
• Governance Frameworks:
  • Design and establish IT/Cyber governance frameworks that incorporate best practices and support the organization's strategic objectives.
  • Ensure that governance frameworks are effectively implemented and maintained.

• Policy Exceptions/Issue Management:

• Develop and manage a process for handling policy exceptions, including the evaluation, approval, and documentation of exceptions.
• Work with stakeholders to assess the impact of policy exceptions and ensure that appropriate risk mitigation measures are in place

• Stakeholder Collaboration:
  • Work closely with business units, IT/Cyber teams, and senior management to ensure IT/Cyber policies and governance frameworks align with business objectives.
  • Facilitate communication and collaboration between IT/Cyber and other departments to ensure a cohesive approach to IT governance through IT Policy Board.
  • Respond to Client Cybersecurity Inquiries
  • Collaborate and support Legal and Procurement teams to integrate 3M’s cybersecurity requirements into contract terms and conditions for client and supplier contracts
• Performance Monitoring and Reporting:
  • Develop and monitor key performance indicators (KPIs) to measure the effectiveness of IT/Cyber policy governance.
  • Prepare and present regular reports on IT/Cyber policy adherence, governance activities, efforts to senior management.
• Continuous Improvement:
  • Stay current with industry trends and regulatory changes, emerging technologies, and best practices in IT/Cyber policy governance.
  • Identify opportunities for process improvements and implement changes to enhance the effectiveness of IT/Cyber policy governance.

Your Skills and Expertise:

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor’s degree or higher (completed and verified prior to start)
• Ten (10) years of experience in Cybersecurity in a private, public, government or military environment
• Five (5) years of management and/or supervisor experience
• CISSP certification or one of the following certifications such as SANS, ISACA (CGEIT, CISA, CISM, ISO 31000 CRISC, ISO 27001 Lead Auditor)
• Multiple certifications from the list above are preferred

Additional qualifications that could help you succeed even further in this role include:

• Master’s degree in computer engineering, computer systems or information technology field from an accredited institution
• Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on IT/Cyber Policy Management.
• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
• Other technology certifications e.g., ITIL, COBIT.
• Excellent communication, negotiation, andrelationship-buildingskills.
• Strong analytical and problem-solving skills
• Ability to work collaboratively with internal teams and external vendors.

Work Your Way Eligible (hybrid) – Minneapolis & Austin

Travel: In-OfficeTuesday/Wednesday/Thursday

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

Please access the linked document by clicking select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.