Cybersecurity Service and Change Management Lead at 3M

Job Description:

Cybersecurity Service and Change Management Lead

Collaborate with Innovative 3Mers Around the World

Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a wide variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.The Impact You’ll Make in this Role

At 3M, you will drive service and change management excellence within the Cybersecurity organization. As the Cybersecurity Service and Change Management Lead, you will design, implement, and continuously improve the Cybersecurity service catalog, service management processes, and change management framework to ensure efficient, compliant, and controlled delivery of cybersecurity initiatives. You will serve as the primary liaison between Cybersecurity and Enterprise IT Change Management, enabling transparency, quality, and minimal business disruption. Here, you will make an impact by:

Cybersecurity service catalog development and maintenance

• Develop and maintain the Cybersecurity service catalog.
• Establish and maintain process for catalog changes, including review, and approval, versioning and changelog.
• Coordinate service owners to update and maintain service management tools in alignment with service catalogue to enable accurate request routing, reporting, and portfolio visibility.
• Publish and socialize the catalog to improve discoverability and adoption; capture feedback for continuous improvement.

Service management artifacts and process flows

• Coordinate Cybersecurity teams to develop, maintain, and update key service management artifacts and process flows.
• Advise and support on service management artifacts as needed, aligning with ITIL practices and audit/compliance requirements.
• Facilitate process-mapping and optimization workshops across Cybersecurity functions.
• Ensure document quality, version control, and centralized accessibility; drive standardization across teams.

Cybersecurity Change Management Process Design and Improvement

• Design, document, and continuously improve the Cybersecurity change management process aligned to ITIL/ISO 27001/NIST CSF and the IT change management process.
• Define approval workflows, SLAs, quality gates, and evidence requirements.
• Align Cybersecurity change requests to defined IT change categories and risk tiers.
• Ensure alignment to enterprise IT change calendar, blackout/maintenance windows, and change freeze protocols.
• Enforce pre-implementation requirements (testing, rollback/back-out plans, segregation of duties, peer reviews, impact analysis).

Change Advisory Board (CAB) Facilitation

• Plan, facilitate, and chair Cybersecurity CAB meetings (Tiers 1–3) to ensure quorum, risk review, approval, and timely decision-making.
• Maintain agendas, minutes, action items, and audit-ready records for all change approval activities.
• Coordinate emergency change processes and ensure controlled handling, with proper post-implementation review and documentation.

Tier 4 (High-Risk/Strategic) Changes

• Understand and enforce criteria for Tier 4 Cybersecurity changes.
• Drive risk assessment, impact analysis and executive-level approvals for Tier 4 changes; ensure cross-functional sign-offs.
• Orchestrate readiness reviews, test plans, back-out strategies, and stakeholder communications for Tier 4 changes.
• Present and champion Cybersecurity changes at the Tier 4 IT CAB.

Change Request Review and Enforcement:

• Review change requests for completeness, risk rating, operational impact, and required artifacts (test evidence, rollback plan, approver list).
• Enforce process requirements, SLAs, and quality standards; reject or remediate inadequate change requests.
• Monitor adherence to segregation of duties, least privilege, and production access controls during change execution.
• Lead post-implementation reviews (PIRs) and root-cause analysis of failed changes.

IT Change Management Alignment:

• Act as Cybersecurity POC for enterprise IT Change Management.
• Harmonize change processes across Cybersecurity domains.
• Drive alignment with IT definitions for standard/normal/emergency changes and integrate with IT release management, incident, and problem management.

Your Skills and Expertise:

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Business or technology field (completed and verified prior to start)
• Seven (7) years of experience in Cybersecurity, IT Service Management, or Change/Release Management in a private, public, government or military environment

Additional qualifications that could help you succeed even further in this role include:

• Deep knowledge of ITIL Change Enablement, Service Management, NIST CSF, and ISO/IEC 27001 frameworks
• Experience managing enterprise change and service management processes including CAB leadership and service catalog development
• Proficiency with enterprise change, workflow, and GRC tools
• Strong understanding of cybersecurity domains such as IAM, network/cloud security, SIEM/SOAR, and vulnerability management
• Proven ability to assess risk, manage stakeholder communication, and coordinate complex, high-impact changes across global teams
• ITIL 4 Managing Professional or Change Enablement certification
• Cybersecurity certification such as CISSP or CISM
• PMP, PRINCE2, or Prosci certification (nice to have)

Work location:

• Work location: This role follows an on-site working model, requiring the employee to work at least four days a week at the 3M Center in Maplewood, MN.
• Travel: May include upto 5% domestic
• Relocation: May be authorized Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).Supporting Your Well-being

3M offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.

Chat with Max

For assistance with searching through our current job openings or for more information about all things 3M, visit Max, our virtual recruiting assistant on 3M.com/careers.

Applicable to US Applicants Only:The expected compensation range for this position is $164,612 - $201,193, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/.

All US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M. This agreement lays out key terms on using 3M Confidential Information and Trade Secrets. It also has provisions discussing conflicts of interest and how inventions are assigned. Employees that are Job Grade 7 or equivalent and above may also have obligations to not compete against 3M or solicit its employees or customers, both during their employment, and for a period after they leave 3M.

Learn more about 3M’s creative solutions to the world’s problems at www.3M.com or on Instagram, Facebook, and LinkedIn @3M.

Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.

Safety is a core value at 3M. All employees are expected to contribute to a strong Environmental Health and Safety (EHS) culture by following safety policies, identifying hazards, and engaging in continuous improvement.

Pay & Benefits Overview: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/

3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.

Please click on the following links and select the country where you are applying for employment to review the applicable Terms of Use (link here) and Privacy Policy (link here). Before submitting your application, you will be asked to confirm your agreement with the terms.