Information Security Privacy Specialist (Maplewood, MN)

  • Company: 3M
  • Location: Maplewood, Minnesota
  • Posted: November 07, 2017
  • Reference ID: R00049337
At 3M, we apply science in collaborative ways to improve lives daily. With $30 billion in sales, our 90,000 employees connect with customers all around the world.

3M has a long-standing reputation as a company committed to innovation. We provide the freedom to explore and encourage curiosity and creativity. We gain new insight from diverse thinking, and take risks on new ideas.

Here, you can apply your talent in bold ways that matter.

Job Description:

3M is seeking an experienced Information Security Privacy Specialist to join the Oral Care Division Quality group with the position located in Maplewood, MN

Job Summary:
3M is seeking a senior Information Security Privacy Specialist responsible for the ongoing management of the information security and privacy policies, standards and procedures governing the technical systems and information handling practices of 3M Oral Care systems across the globe. The role establishes handling practices and controls for all types of Personally Identifiable Information. The role will also serve as the designated HIPAA security officer for 3M Oral Care which collects, processes and holds electronic personal health information (ePHI). In this capacity the role is responsible for providing ePHI compliance processes including establishing and measuring security controls. The role maintains confidentiality, integrity and availability for the business.

There is continuing growth in the number of systems and business processes that capture, transmit and store information categorized as 3M Confidential and 3M Regulated due to its PII and ePHI content. Security & compliance requirements often dictate the need for an accountable role that drives and oversees fundamental processes and can serve as a single point of ownership for outside regulatory agencies and customers, when needed.

The portfolio growth of digital products in 3M Oral Care justifies the need for this role that will report into the Oral Care Division Quality group, with a dotted line to the global Information Security, Risk and Compliance organization.

Primary Responsibilities include but are not limited to the following:

Serve as the Information Security Privacy Specialist in the global business of 3M Oral Care
  • Partner with 3M's Information Security, Risk & Compliance group and other stakeholders to establish, guide and monitor privacy information handling practices related to the systems and workflow of 3M Oral Care to ensure security controls are appropriate and operating as intended.
  • Lead the development and maintenance of local and global information security policies, procedures and standards for 3M Oral Care aligned to corporate policies and compliance requirements.
  • Develop and maintain business continuity and disaster recovery protocols
  • Have an in-depth knowledge of all 3M Oral Care digital systems, architectures, and future strategies
  • Conduct information security risk assessments, develop risk remediation plans, and manage risk remediation efforts.
  • Assist the R&D team with developing technical requirements, evaluating vendor solutions, developing architecture and design, and testing of data protection and security solutions
  • Participate in the due diligence process for new and ongoing vendor relationships, including reviews of privacy and security controls and practices. Extend security controls to external service providers.

Lead the security risk management program for the global business of 3M Oral Care which is subject to the HIPAA Privacy, Security and Breach Notification Rules.
  • Partner with 3M's Information Security, Risk & Compliance group and other stakeholders to implement a security control structure for HIPAA requirements using the NIST 800-53 and other control frameworks.
  • Coordinate evidence and responses for internal and external audits.
  • Facilitate local breach responses for ePHI if necessary.
  • Maintain a strong knowledge of the HIPAA Security Rule, global ePHI and Privacy security regulations.
  • Create, manage and maintain applicable security training and awareness for the 3M Oral Care business

Basic Qualifications:
  • Bachelor degree or higher from an accredited institution
  • Minimum of six (6) years of work experience guiding information security systems and programs
  • Experience complying with HIPAA Security Rule, Privacy Regulations and PII protections

Preferred Qualifications:
  • CIPM/CIPP, CISSP or commensurate certifications.
  • Demonstrated organization, facilitation, interpersonal communication, and presentation skills and fostering a collaborative work environment.
  • Information risk assessment experience.
  • Strong technical security skills shaped by hands-on experience with application and OS hardening, vulnerability management and security systems

Location: Maplewood, MN
Travel: May include up to 10% domestic/international travel
Relocation Benefits: Are not authorized for this position

Must be legally authorized to work in country of employment without a sponsorship for employment visa status (e.e. H1B status).

Learn more about 3M's creative solutions to the world's problems at or on Twitter @3M or @3MNewsroom.

3M is an equal opportunity employer. 3M will not discriminate against any applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status.
Please note: your application may not be considered if you do not provide your education and work history, either by: 1) uploading a resume, or 2) entering the information into the application fields directly.

3M Global Terms of Use and Privacy Statement

Carefully read these Terms of Use before using this website. Your access to and use of this website and application for a job at 3M are conditioned on your acceptance and compliance with these terms.

Please access the linked document by clicking here , select the country where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the terms.

Share this Job