Director, Cybersecurity Risk Management

Thank you for your interest in working for our Company. Recruiting the right talent is crucial to our goals. On April 1, 2024, 3M Healthcare underwent a corporate spin-off leading to the creation of a new company named Solventum. We are still in the process of updating our Careers Page and applicant documents, which currently have 3M branding. Please bear with us. In the interim, our Privacy Policy here: https://www.solventum.com/en-us/home/legal/website-privacy-statement/applicant-privacy/ continues to apply to any personal information you submit, and the 3M-branded positions listed on our Careers Page are for Solventum positions. As it was with 3M, at Solventum all qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Job Description:

Director, Cybersecurity Risk Managemen

At Solventum, we enable better, smarter, safer healthcare to improve lives. As a new company with a long legacy of creating breakthrough solutions for our customers’ toughest challenges, we pioneer game-changing innovations at the intersection of health, material and data science that change patients' lives for the better while enabling healthcare professionals to perform at their best. Because people, and their wellbeing, are at the heart of every scientific advancement we pursue.

We partner closely with the brightest minds in healthcare to ensure that every solution we create melds the latest technology with compassion and empathy. Because at Solventum, we never stop solving for you.

The Impact You’ll Make in this Role

As Director, Cybersecurity Risk Management, you will lead the overall information security risk management program and strategy, providing skilled leadership to build high-performing team(s), and engaging IT and Business leaders across a wide spectrum of projects.  Your collaborative approach and exceptional communication skills will play a significant role in your success, as you engage and support colleagues inside and outside the organization.  As part of this new Healthcare spinoff, you will have the opportunity to create an industry best-practice program that serves as a strategic enabler for the business.   

Responsibilities

• Drive cybersecurity risk management taxonomy and framework/ methodology including implementing an Enterprise Control Framework (ECF) utilizing NIST/HITRUST controls that align with Enterprise Risk Management (ERM) objectives.

• Lead a team that performs risk assessments, and identify, mitigate, and track to closure risks across the enterprise, providing actionable data and recommended solutions to organization leadership.

• Define standardized risk assessment and exception handling processes, including defining what constitutes an exception and the criteria for managing them.

• Develop and execute gold-standard information security governance strategy and program. Drive culture of transparency, integrity, and accountability.

• Focus efforts to support cyber- and business resilience, ensuring the organization is well-prepared to counter risks to continuity of operations.

• Develop the appropriate security checkpoints against software and infrastructure development lifecycles, shifting effort to prevent rework and build security by design into every project.

• Establish a robust Findings & Remediation program that identifies trends in newly discovered risks, provides actionable reporting, identifies root cause, and works collaboratively to reduce inherent risk and technical debt.

• Use expertise to scale programs up and down to meet the current regulatory environment and the risk appetite of the organization.

• Establish and maintain robust data security governance, including creation, classification, retention, retrieval, and disposal of records.

• Monitor regulatory changes and industry standards.

• Coordinate the transfer of information into or out of the firm in compliance with organizational policies. When necessary, ensure the proper execution of destruction orders.

• Implement supporting protocols and processes to ensure statutory, regulatory, ethical and privacy requirements are met for the management of physical and electronic information.

• Support data governance efforts across the organization, including but not limited to data classification, data retention and disposal, data sharing, records management, archiving data, and data privacy. 

Your Skills and Expertise 

To set you up for success in this role from day one, Solventum requires (at a minimum) the following qualifications:

• Bachelor’s Degree or higher from an accredited institution 12 years of experience in Information Technology/Information Security.

OR

• High School Diploma/GED or higher from a (completed and verified prior to start) and 16 years of experience in Information Technology/Information Security.

• Extensive background in Governance, Risk & Compliance, with particular focus on Risk Management in Healthcare or other highly regulated industry.

• Experience building and optimizing best practice Enterprise Risk Management, Third Party Risk Management, Risk Quantification, as well as Data Governance and Artificial Intelligence (AI).

• Supporting certifications and coursework demonstrating continual learning.  CISSP strongly preferred, or equivalent experience across a broad spectrum of Information Security disciplines

• Ten (10) years of experience building and leading global IT, digital and/or cybersecurity programs in a private, public, government or military environment

• Minimum five (5+) years leading Information Security Governance programs

• Experience working with Risk, Security and/or Audit frameworks (SOX, HiTrust, SOC2, PCI, ISO 27001/2, NIST CFS / 800-53, FedRAMP, StateRAMP, and EIC 62443, etc.

Additional qualifications that could help you succeed even further in this role include:

• Master's Degree in Computer Science, Information Security or related field from an accredited institution

• Successful track record of leading organizations through external audits and assessments.  Experience writing and communicating directly with regulators and external auditors, responding appropriately to external inquiries while protecting the organization.

• In-depth knowledge of legal and regulatory requirements, including data protection laws (e.g., GDPR, CCPA) and legal hold obligations.

• Supporting certifications such as CRISC, CISM

• Experience leading Business Continuity Planning and/or Cyber Resilience teams.

• Successful track record developing and leading information governance programs, policies, procedures, and best practices.

• Experience advising on a range of cyber risk management activities and information security industry best practices

Work location:

• Remote USA

Travel: May include up to 5% domestic/international]

Relocation Assistance: May be authorized

 

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

 

Supporting Your Well-being 

Solventum offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, Solventum regularly benchmarks with other companies that are comparable in size and scope. 

Applicable to US Applicants Only:The expected compensation range for this position is $222,044 - $271,387, which includes base pay plus variable incentive pay, if eligible. This range represents a good faith estimate for this position. The specific compensation offered to a candidate may vary based on factors including, but not limited to, the candidate’s relevant knowledge, training, skills, work location, and/or experience. In addition, this position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, Health Care & Dependent Care Flexible Spending Accounts, Disability Benefits, Life Insurance, Voluntary Benefits, Paid Absences and Retirement Benefits, etc.). Additional information is available at: https://www.solventum.com/en-us/home/our-company/careers/#Total-Rewards

Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.

Solventum is committed to maintaining the highest standards of integrity and professionalism in our recruitment process.  Applicants must remain alert to fraudulent job postings and recruitment schemes that falsely claim to represent Solventum and seek to exploit job seekers.

Please note that all email communications from Solventum regarding job opportunities with the company will be from an email with a domain of @solventum.com. Be wary of unsolicited emails or messages regarding Solventum job opportunities from emails with other email domains.

Please note, Solventum does not expect candidates in this position to perform work in the unincorporated areas of Los Angeles County.

Solventum is an equal opportunity employer.  Solventum  will not discriminate against any applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status.

Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

Solventum Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at Solventum are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the
terms.