Job Description: Director IT Compliance Management Collaborate with Innovative 3Mers Around the World Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a diversity of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers. This position provides an opportunity to transition from other private, public, government or military experience to a 3M career. The Impact You’ll Make in this Role The Director of IT Compliance is responsible for both the strategic development and operational execution of the organization’s IT/Cyber Compliance Management Program. The Director of IT/Cyber Compliance Management is responsible for overseeing the IT compliance strategy and ensuring that the organization’s IT infrastructure, policies, and practices comply with regulatory requirements, industry standards, and internal policies. This role involves managing compliance programs, ensuring audit readiness, and implementing best practices across the IT function. The Director of IT/Cyber Compliance works closely with internal audit, legal, and internal security teams and IT to align IT activities with the organization’s compliance goals. Here, you will make an impact by: Compliance Program Leadership: + Develop, implement, and manage the organization’s IT/Cyber compliance program to ensure alignment with applicable laws, regulations, and industry standards (e.g., GDPR, ISO, PCI-DSS, SWIFT, SOX, ISO 27001, TISAX, NIST CSF, CMMC, NIS2, COBIT). + Establish a governance structure to manage IT compliance across IT departments and ensure that policies and procedures are effectively communicated and enforced. + Ensure IT compliance requirements are embedded into business and IT processes Regulatory and Legal Compliance: + Stay current with changes in regulations and industry standards related to IT, cybersecurity, and data privacy (e.g., TISAX, GDPR, SOX, PCI-DSS, etc.). + Ensure the organization’s IT systems and processes meet regulatory requirements, including implementing new regulations as they arise. + Lead the preparation for and management of external and internal IT audits to ensure compliance with relevant standards and certifications. Policy Development and Enforcement: + Work with IT/Cyber policy management teams to develop, review, and update IT policies and procedures to ensure compliance with regulatory and legal requirements. + Enforce IT compliance policies and standards across the organization, ensuring that all employees adhere to established requirements. Audit and Monitoring: + Partner with internal IT audits, working closely with internal and external auditors to ensure readiness for audits related to regulatory compliance (e.g., SOX, TISAX, PCI, ISO, NIST CSF, CMMC, etc.). + Ensure ongoing monitoring and auditing of IT controls, systems, and processes to verify compliance with policies and regulations. + Respond to Client Cybersecurity Inquiries + Develop and track compliance metrics, preparing reports and dashboards for senior leadership. + Drive continuous improvement by identifying compliance gaps and implementing corrective actions. Continuous Improvement: + Stay current with industry trends and regulatory changes, emerging technologies, and best practices in IT/Cyber compliance. + Identify opportunities for process improvements and implement changes to enhance the effectiveness of IT/Cyber compliance program. Your Skills and Expertise: To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications: + Bachelor’s degree or higher (completed and verified prior to start) + Ten (10) years of experience in Cybersecurity in a private, public, government or military environment + Five (5) years of management and/or supervisor experience + CISSP certification or one of the following certifications such as CISA, CISM, CGEIT, ISO 27001 Lead Auditor/Lead Implementer, PCI DSS QSA + Multiple certifications from the list above are preferred Additional qualifications that could help you succeed even further in this role include: + Master’s degree in computer engineering, computer systems or information technology field from an accredited institution + Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on IT/Cyber Compliance Management. + Strong knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, COBIT, TISAX, PCI, NIS2, SOX). + Other technology certifications e.g., ITIL, COBIT. + Excellent communication, negotiation, and relationship-building skills. + Strong analytical and problem-solving skills + Ability to work collaboratively with internal teams and external vendors. Work location: Work Your Way Eligible (hybrid) – Minneapolis & Austin Travel: In-Office Tuesday/Wednesday/Thursday Relocation Assistance: Yes Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status). Supporting Your Well-being 3M offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope. Chat with Max For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on 3M.com/careers. Applicable to US Applicants Only:The expected compensation range for this position is $222,044 - $271,387, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.3m.com/3M/en\_US/careers-us/working-at-3m/benefits/. Good Faith Posting Date Range 02/12/2025 To 03/14/2025 Or until filled All US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M. This agreement lays out key terms on using 3M Confidential Information and Trade Secrets. It also has provisions discussing conflicts of interest and how inventions are assigned. Employees that are Job Grade 7 or equivalent and above may also have obligations to not compete against 3M or solicit its employees or customers, both during their employment, and for a period after they leave 3M. Learn more about 3M’s creative solutions to the world’s problems at www.3M.com or on Instagram, Facebook, and LinkedIn @3M. Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties. Pay & Benefits Overview: https://www.3m.com/3M/en\_US/careers-us/working-at-3m/benefits/ 3M is an equal opportunity employer. 3M will not discriminate against any applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status. Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly. 3M Global Terms of Use and Privacy Statement Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms. Please access the linked document by clicking here (http://multimedia.3m.com/mws/media/1274940O/3m-jobs-country-data-privacy-statements-external.pdf) , select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.