Job Title
Director of Third-Party Cyber Risk Management
The Impact You'll Make in this Role
The Director of Third-Party Cyber Risk Management is responsible for both the strategic development and operational execution of the organization’s third-party cyber risk management program. This role ensures that all third-party relationships comply with regulatory requirements, align with corporate cyber policies, and meet the organization’s risk management standards. The Director will design and implement the third-party risk management framework while leading a team of professionals to assess, monitor, and mitigate risks associated with vendors, suppliers, and other third parties. Here, you will make an impact by:
Program Development and Management:
- Design and implement a comprehensive third-party cyber risk management program.
- Develop and enforce policies and procedures for assessing and managing third-party risks.
- Continuously improve the program based on evolving threats and regulatory requirements.
Risk Assessment and Mitigation:
- Conduct thorough risk assessments of third-party vendors, including initial due diligence and ongoing monitoring.
- Identify potential vulnerabilities and recommend mitigation strategies.
- Collaborate with third parties to address and remediate identified risks.
Vendor Relationships:
- Build and maintain strong relationships with key third-party vendors and partners.
- Ensure that third-party contracts include appropriate cybersecurity requirements and standards.
- Work with legal and procurement teams to negotiate cybersecurity terms in contracts.
Incident Management:
- Support the response to cyber incidents involving third-party vendors.
Reporting and Communication:
- Provide regular updates to senior management on the status of the third-party cyber risk management program.
- Prepare and present reports on third-party risk assessments and mitigation efforts.
- Communicate effectively with internal teams and third-party vendors regarding cyber risk expectations and requirements.
Regulatory Compliance:
- Ensure that the third-party cyber risk management program complies with relevant regulations and industry standards (e.g., GDPR, CCPA, NIST, ISO 27001).
- Stay current on regulatory changes and update the program as needed.
Your Skills and Expertise:
To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:
- Bachelor’s degree or higher (completed and verified prior to start) from an accredited institution
- Ten (10) years of experience in Cybersecurity in a private, public, government or military environment
- Five (5) years of management and/or supervisory experience
- CISSP certification
Additional qualifications that could help you succeed even further in this role include:
- Master’s degree in computer engineering, computer systems or information technology field from an accredited institution
- Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on third-party risk management.
- Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
- Additional certifications such as SANS, ISACA (CGEIT, CISA, CISM, CRISC) and other technology certifications.
- Excellent communication, negotiation, and relationship-building skills.
- Ability to work collaboratively with internal teams and external vendors.
Work location:
- Work Your Way Eligible (Employee choice to work remote, on site, or hybrid)
Please access the linked document by clicking it, select the country where you are applying for employment, and review it. Before submitting your application, you will be asked to confirm your agreement with the terms.