At 3M, we apply science in collaborative ways to improve lives daily. With $30 billion in sales, our 90,000 employees connect with customers all around the world.
3M has a long-standing reputation as a company committed to innovation. We provide the freedom to explore and encourage curiosity and creativity. We gain new insight from diverse thinking, and take risks on new ideas.
Here, you can apply your talent in bold ways that matter.
Job Description:
3M is seeking an experienced Information Security Privacy Specialist to join the Oral Care Division Quality group with the position located in Maplewood, MN.
Job Summary
3M is seeking a senior Information Security Privacy Specialist responsible for the ongoing management of the information security and privacy policies, standards and procedures governing the technical systems and information handling practices of 3M Oral Care systems across the globe. The role establishes handling practices and controls for all types of Personally Identifiable Information. The role will also serve as the designated HIPAA security officer for 3M Oral Care which collects, processes and holds electronic personal health information (ePHI). In this capacity the role is responsible for providing ePHI compliance processes including establishing and measuring security controls. The role maintains confidentiality, integrity and availability for the business.
There is continuing growth in the number of systems and business processes that capture, transmit and store information categorized as 3M Confidential and 3M Regulated due to its PII and ePHI content. Security & compliance requirements often dictate the need for an accountable role that drives and oversees fundamental processes and can serve as a single point of ownership for outside regulatory agencies and customers, when needed.
The portfolio growth of digital products in 3M Oral Care justifies the need for this role that will report into the Oral Care Division Quality group, with a dotted line to the global Information Security, Risk and Compliance organization.
Primary Responsibilities include but are not limited to the following:
Serve as the Information Security Privacy Specialist in the global business of 3M Oral Care
- Partner with 3M's Information Security, Risk & Compliance group and other stakeholders to establish, guide and monitor privacy information handling practices related to the systems and workflow of 3M Oral Care to ensure security controls are appropriate and operating as intended.
- Lead the development and maintenance of local and global information security policies, procedures and standards for 3M Oral Care aligned to corporate policies and compliance requirements.
- Develop and maintain business continuity and disaster recovery protocols
- Have an in-depth knowledge of all 3M Oral Care digital systems, architectures, and future strategies
- Conduct information security risk assessments, develop risk remediation plans, and manage risk remediation efforts.
- Assist the R&D team with developing technical requirements, evaluating vendor solutions, developing architecture and design, and testing of data protection and security solutions
- Participate in the due diligence process for new and ongoing vendor relationships, including reviews of privacy and security controls and practices. Extend security controls to external service providers.
Lead the security risk management program for the global business of 3M Oral Care which is subject to the HIPAA Privacy, Security and Breach Notification Rules.
- Partner with 3M's Information Security, Risk & Compliance group and other stakeholders to implement a security control structure for HIPAA requirements using the NIST 800-53 and other control frameworks.
- Coordinate evidence and responses for internal and external audits.
- Facilitate local breach responses for ePHI if necessary.
- Maintain a strong knowledge of the HIPAA Security Rule, global ePHI and Privacy security regulations.
- Create, manage and maintain applicable security training and awareness for the 3M Oral Care business
- Bachelor's degree or higher from an accredited institution
- Minimum of six (6) years of work experience guiding information security systems and programs
- Experience complying with HIPAA Security Rule, Privacy Regulations and PII protections
- CIPM/CIPP, CISSP or commensurate certifications.
- Demonstrated organization, facilitation, interpersonal communication, and presentation skills and fostering a collaborative work environment.
- Information risk assessment experience.
- Strong technical security skills shaped by hands-on experience with application and OS hardening, vulnerability management and security systems
May include up to 10% domestic/international travel
Relocation Benefits:
Are not authorized for this position
Must be legally authorized to work in country of employment without a sponsorship for employment visa status (e.g. H1B status).
Learn more about 3M's creative solutions to the world's problems at www.3M.com or on Twitter @3M or @3MNewsroom.
Please access the linked document by clicking here, select the country where you are applying for employment, and review. Before submitting your application you will be asked to confirm your agreement with the terms.