Cybersecurity Service and Change Management Lead

Cybersecurity Service and Change Management Lead

Overview

3M seeks a Cybersecurity Service and Change Management Lead to drive service and change management excellence within the Cybersecurity organization. The role involves designing, implementing, and continuously improving the cybersecurity service catalog, service management processes, and change management framework.

Responsibilities include:

• Develop and maintain the cybersecurity service catalog, including versioning, changelog, and approvals.
• Coordinate service owners to ensure service management tools reflect the catalog for accurate request routing and reporting.
• Publish and socialize the catalog to improve discoverability, adoption, and continuous improvement.
• Develop, maintain, and update key service management artifacts and process flows, aligning with ITIL practices and audit/compliance requirements.
• Facilitate process‑mapping and optimization workshops across Cybersecurity functions.
• Document, maintain, and continuously improve the cybersecurity change management process in alignment with ITIL/ISO 27001/NIST CSF and enterprise IT change management.
• Define approval workflows, SLAs, quality gates, and evidence requirements for change requests.
• Ensure change requests align with IT change categories, risk tiers, and the enterprise IT change calendar.
• Plan, facilitate, and chair Cybersecurity CAB meetings (tiers 1‑3), maintain agendas, minutes, and audit‑ready records.
• Coordinate emergency change processes and post‑implementation reviews.
• Enforce segregation of duties, least privilege, and production access controls during change execution.
• Lead change request reviews, enforce process requirements, recommend improvements, and streamline approvals for Tier 4 (high‑risk/strategic) changes.
• Act as cybersecurity point of contact for enterprise IT change management and harmonize processes across domains.

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Business, or a related technology field.
• Seven (7) years of experience in Cybersecurity, IT Service Management, or Change/Release Management in a private, public, government, or military environment.
• Deep knowledge of ITIL Change Enablement, Service Management, NIST CSF, and ISO/IEC 27001 frameworks.
• Experience managing enterprise change and service management processes, including CAB leadership and service catalog development.
• Proficiency with enterprise change, workflow, and GRC tools.
• Strong understanding of cybersecurity domains such as IAM, network/cloud security, SIEM/SOAR, and vulnerability management.
• Proven ability to assess risk, manage stakeholder communication, and coordinate complex, high‑impact changes across global teams.
• ITIL 4 Managing Professional or Change Enablement certification (preferred).
• Cybersecurity certifications such as CISSP or CISM (preferred).
• PMP, PRINCE2, or Prosci certifications are a plus.

• On‑site model requiring at least four days per week at the 3M Center in Maplewood, MN.
• Domestic travel up to 5% may be required.
• Relocation may be authorized.

Must be legally authorized to work in the country of employment without sponsorship for an employment visa status (e.g., H1B).

3M does not discriminate on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by law.

The expected compensation range for this position is $164,612 - $201,193, which includes base pay plus variable incentive pay if eligible. Additional benefits include medical, dental, vision, health savings accounts, dependent care flexible spending accounts, disability benefits, life insurance, voluntary benefits, paid absences, and retirement benefits.