Cybersecurity Service and Change Management Lead

About The Position

Requirements

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Business or technology field (completed and verified prior to start)
• Seven (7) years of experience in Cybersecurity, IT Service Management, or Change/Release Management in a private, public, government or military environment

Nice To Haves

• Deep knowledge of ITIL Change Enablement, Service Management, NIST CSF, and ISO/IEC 27001 frameworks
• Experience managing enterprise change and service management processes including CAB leadership and service catalog development
• Proficiency with enterprise change, workflow, and GRC tools
• Strong understanding of cybersecurity domains such as IAM, network/cloud security, SIEM/SOAR, and vulnerability management
• Proven ability to assess risk, manage stakeholder communication, and coordinate complex, high-impact changes across global teams
• ITIL 4 Managing Professional or Change Enablement certification
• Cybersecurity certification such as CISSP or CISM
• PMP, PRINCE2, or Prosci certification

Responsibilities

• Develop and maintain the Cybersecurity service catalog. Establish and maintain process for catalog changes, including review, and approval, versioning and changelog.
• Coordinate service owners to update and maintain service management tools in alignment with service catalogue to enable accurate request routing, reporting, and portfolio visibility.
• Publish and socialize the catalog to improve discoverability and adoption; capture feedback for continuous improvement.
• Coordinate Cybersecurity teams to develop, maintain, and update key service management artifacts and process flows.
• Advise and support on service management artifacts as needed, aligning with ITIL practices and audit/compliance requirements.
• Facilitate process-mapping and optimization workshops across Cybersecurity functions.
• Ensure document quality, version control, and centralized accessibility; drive standardization across teams.
• Design, document, and continuously improve the Cybersecurity change management process aligned to ITIL/ISO 27001/NIST CSF and the IT change management process.
• Define approval workflows, SLAs, quality gates, and evidence requirements.
• Align Cybersecurity change requests to defined IT change categories and risk tiers.
• Ensure alignment to enterprise IT change calendar, blackout/maintenance windows, and change freeze protocols.
• Enforce pre-implementation requirements (testing, rollback/back-out plans, segregation of duties, peer reviews, impact analysis).
• Plan, facilitate, and chair Cybersecurity CAB meetings (Tiers 1–3) to ensure quorum, risk review, approval, and timely decision-making.
• Maintain agendas, minutes, action items, and audit-ready records for all change approval activities.
• Coordinate emergency change processes and ensure controlled handling, with proper post-implementation review and documentation.
• Understand and enforce criteria for Tier 4 Cybersecurity changes.
• Drive risk assessment, impact analysis and executive-level approvals for Tier 4 changes; ensure cross-functional sign-offs.
• Orchestrate readiness reviews, test plans, back-out strategies, and stakeholder communications for Tier 4 changes.
• Present and champion Cybersecurity changes at the Tier 4 IT CAB.
• Review change requests for completeness, risk rating, operational impact, and required artifacts (test evidence, rollback plan, approver list).
• Enforce process requirements, SLAs, and quality standards; reject or remediate inadequate change requests.
• Monitor adherence to segregation of duties, least privilege, and production access controls during change execution.
• Lead post-implementation reviews (PIRs) and root-cause analysis of failed changes.
• Act as Cybersecurity POC for enterprise IT Change Management.
• Harmonize change processes across Cybersecurity domains.
• Drive alignment with IT definitions for standard/normal/emergency changes and integrate with IT release management, incident, and problem management.
• Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.
• Safety is a core value at 3M. All employees are expected to contribute to a strong Environmental Health and Safety (EHS) culture by following safety policies, identifying hazards, and engaging in continuous improvement.

Benefits

• Medical, Dental & Vision
• Health Savings Accounts
• Health Care & Dependent Care Flexible Spending Accounts
• Disability Benefits
• Life Insurance
• Voluntary Benefits
• Paid Absences
• Retirement Benefits