Cybersecurity Service And Change Management Lead

Cybersecurity Service and Change Management Lead

Choosing where to start and grow your career has a major impact on your professional and personal life, so it's equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a wide variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

The Impact You'll Make in this Role

At 3M, you will drive service and change management excellence within the Cybersecurity organization. As the Cybersecurity Service and Change Management Lead, you will design, implement, and continuously improve the Cybersecurity service catalog, service management processes, and change management framework to ensure efficient, compliant, and controlled delivery of cybersecurity initiatives. You will serve as the primary liaison between Cybersecurity and Enterprise IT Change Management, enabling transparency, quality, and minimal business disruption. Here, you will make an impact by:

Cybersecurity service catalog development and maintenance

• Develop and maintain the Cybersecurity service catalog.
• Establish and maintain process for catalog changes, including review, and approval, versioning and changelog.
• Coordinate service owners to update and maintain service management tools in alignment with service catalogue to enable accurate request routing, reporting, and portfolio visibility.
• Publish and socialize the catalog to improve discoverability and adoption; capture feedback for continuous improvement.

Service management artifacts and process flows

• Coordinate Cybersecurity teams to develop, maintain, and update key service management artifacts and process flows.
• Advise and support on service management artifacts as needed, aligning with ITIL practices and audit/compliance requirements.
• Facilitate process-mapping and optimization workshops across Cybersecurity functions.
• Ensure document quality, version control, and centralized accessibility; drive standardization across teams.

Cybersecurity Change Management Process Design and Improvement

• Design, document, and continuously improve the Cybersecurity change management process aligned to ITIL/ISO 27001/NIST CSF and the IT change management process.
• Define approval workflows, SLAs, quality gates, and evidence requirements.
• Align Cybersecurity change requests to defined IT change categories and risk tiers.
• Ensure alignment to enterprise IT change calendar, blackout/maintenance windows, and change freeze protocols.
• Enforce pre-implementation requirements (testing, rollback/back-out plans, segregation of duties, peer reviews, impact analysis).

Change Advisory Board (CAB) Facilitation

• Plan, facilitate, and chair Cybersecurity CAB meetings (Tiers 1–3) to ensure quorum, risk review, approval, and timely decision-making.
• Maintain agendas, minutes, action items, and audit-ready records for all change approval activities.
• Coordinate emergency change processes and ensure controlled handling, with proper post-implementation review and documentation.

Tier 4 (High-Risk/Strategic) Changes

• Understand and enforce criteria for Tier 4 Cybersecurity changes.
• Drive risk assessment, impact analysis and executive-level approvals for Tier 4 changes; ensure cross-functional sign-offs.
• Orchestrate readiness reviews, test plans, back-out strategies, and stakeholder communications for Tier 4 changes.
• Present and champion Cybersecurity changes at the Tier 4 IT CAB.

Change Request Review and Enforcement

• Review change requests for completeness, risk rating, operational impact, and required artifacts (test evidence, rollback plan, approver list).
• Enforce process requirements, SLAs, and quality standards; reject or remediate inadequate change requests.
• Monitor adherence to segregation of duties, least privilege, and production access controls during change execution.
• Lead post-implementation reviews (PIRs) and root-cause analysis of failed changes.

IT Change Management Alignment

• Act as Cybersecurity POC for enterprise IT Change Management.
• Harmonize change processes across Cybersecurity domains.
• Drive alignment with IT definitions for standard/normal/emergency changes and integrate with IT release management, incident, and problem management.

Your Skills and Expertise

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor's degree in Information Systems, Cybersecurity, Computer Science, Business or technology field (completed and verified prior to start)
• Seven (7) years of experience in Cybersecurity, IT Service Management, or Change/Release Management in a private, public, government or military environment

Additional qualifications that could help you succeed even further in this role include:

• Deep knowledge of ITIL Change Enablement, Service Management, NIST CSF, and ISO/IEC 27001 frameworks
• Experience managing enterprise change and service management processes including CAB leadership and service catalog development
• Proficiency with enterprise change, workflow, and GRC tools
• Strong understanding of cybersecurity domains such as IAM, network/cloud security, SIEM/SOAR, and vulnerability management
• Proven ability to assess risk, manage stakeholder communication, and coordinate complex, high-impact changes across global teams
• ITIL 4 Managing Professional or Change Enablement certification
• Cybersecurity certification such as CISSP or CISM
• PMP, PRINCE2, or Prosci certification (nice to have)

Work location:

• This role follows an on-site working model, requiring the employee to work at least four days a week at the 3M Center in Maplewood, MN.
• Travel: May include up to 5% domestic
• Relocation: May be authorized

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).