Job Description:

Senior Cyber Third-Party Risk Analyst

Collaborate with Innovative 3Mers Around the World

Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a wide variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

The Impact You’ll Make in this Role

As a Senior Cyber Third-Party Risk Analyst, you will be responsible for assessing, managing, and mitigating cybersecurity risks associated with third-party vendors and partners. This role involves evaluating the security posture of third parties, ensuring compliance with internal and external cybersecurity standards, and working closely with various stakeholders to enhance the overall security framework. Here, you will make an impact through the following:

• Risk Assessment:
  • Conduct thorough cybersecurity risk assessments of third-party vendors and partners.
  • Collaborate with managed services to conduct cybersecurity risk assessments if a conflict of interest arises.
  • Evaluate the security posture of third parties through questionnaires, interviews, and security audits.
  • Identify potential vulnerabilities and threats posed by third-party relationships.
  • Review the quality of vendor risk assessments conducted by managed services to ensure they meet organizational standards.
  • Support escalations from manage services when risk decisions need to be raised to 3M.
• Vendor Management:
  • Collaborate with procurement and legal teams to ensure cybersecurity requirements are included in vendor contracts.
  • Monitor and review third-party compliance with security policies and standards.
  • Maintain an up-to-date inventory of third-party vendors and their risk profiles.
• Incident Response:
  • Assist in the investigation and response to security incidents involving third-party vendors.
  • Conduct third parties’ cybersecurity risk assessment.
• Reporting and Documentation:
  • Prepare detailed reports on third-party risk assessments and findings.
  • Document and track remediation efforts and follow-up actions.
  • Provide regular updates to senior management on third-party risk status.
• Policy Development:
  • Contribute to the development and maintenance of third-party risk management policies and procedures.
  • Ensure alignment with industry best practices and regulatory requirements.
• Training and Awareness:
  • Conduct training sessions for internal stakeholders on third-party risk management practices.
  • Promote awareness of third-party cybersecurity risks within the organization.
  • Prepare regular reports for senior management and the audit committee on the effectiveness of the IT control environment.
  • Track remediation efforts for control deficiencies and ensure timely resolution.
• Continuous Improvement:
  • Identify opportunities for enhancing the ITGC compliance program and overall IT control environment.
  • Stay current with changes in technology, regulatory requirements, and industry trends to ensure ongoing compliance and control improvement.

Your Skills and Expertise

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications:

• Bachelor’s degree or higher (completed and verified prior to start) from an accredited institution.
• Five (5) years of experience in IT audit, IT compliance, or a related field with a focus on TPCRM​ in a private, public, government or military environment.

Additional qualifications that could help you succeed even further in this role include:

• In-depth knowledge and experience in TPCRM programs and application of ITGC.
• Advanced degree or professional certifications (e.g., CISA, CISSP, CRISC) preferred.
• Experience using the Archer GRC tool preferred.
• Cybersecurity Knowledge: In-depth understanding of cybersecurity principles, practices, and frameworks, including risk assessment methodologies and threat management.
• Third-Party Risk Management: Proven experience in managing third-party risk, including conducting and overseeing third-party cybersecurity risk assessments.
• Regulatory Compliance: Familiarity with relevant regulatory requirements and industry standards (e.g., GDPR, CCPA, ISO 27001, NIST) and the ability to ensure compliance.
• Continuous Improvement: Commitment to staying current with the latest cybersecurity trends, threats, and best practices, and continuously improving the organization's risk management processes.

Applicable to US Applicants Only:The expected compensation range for this position is $122,292 - $149,468, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/.Good Faith Posting Date Range 05/06/2025 To 06/05/2025 Or until filledAll US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M. This agreement lays out key terms on using 3M Confidential Information and Trade Secrets. It also has provisions discussing conflicts of interest and how inventions are assigned. Employees that are Job Grade 7 or equivalent and above may also have obligations to not compete against 3M or solicit its employees or customers, both during their employment, and for a period after they leave 3M.Learn more about 3M’s creative solutions to the world’s problems at www.3M.com or on Instagram, Facebook, and LinkedIn @3M.Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.Pay & Benefits Overview: https://www.3m.com/3M/en_US/careers-us/working-at-3m/benefits/3M does not discriminate in hiring or employment on the basis of race, color, sex, national origin, religion, age, disability, veteran status, or any other characteristic protected by applicable law.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application, you will be asked to confirm your agreement with the terms.