Cyber Incident Lead

Job Description : Cyber Incident Lead

Collaborate with Innovative 3Mers Around the World

Choosing where to start and grow your career has a major impact on your professional and personal life, so it’s equally important you know that the company that you choose to work at, and its leaders, will support and guide you. With a variety of people, global locations, technologies and products, 3M is a place where you can collaborate with other curious, creative 3Mers.

This position provides an opportunity to transition from other private, public, government or military experience to a 3M career.

The Impact You Will Make in this Role :

The Cyber Incident Lead will drive and coordinate our organization's cybersecurity incident response initiatives and is responsible for implementing a continuous testing strategy and conducting full-scale cyber exercises to identify and address inefficiencies and gaps in incident management. Based on these tests and exercises, the Cyber Incident Lead will design remediation plans with impacted groups to enhance their readiness and capabilities. This role will centralize the command center, streamline communication, and facilitate cross-functional collaboration among teams such as IAM, Infrastructure, and Network, ensuring comprehensive management of cyber incidents.

Key Responsibilities :

Lead and coordinate cross-functional response teams during cybersecurity incidents, ensuring timely decision-making and clear communication.

Design, facilitate, and lead cyber tabletop exercises to test and enhance organizational preparedness, coordination, and decision-making under simulated attack scenarios.

Develop and maintain the organization’s cyber incident response strategy, playbooks, and escalation protocols.

Conduct regular incident response exercises and simulations to ensure readiness across technical and business teams.

Mentor and guide incident response personnel, fostering a culture of preparedness, accountability, and continuous improvement. ​

Direct the technical investigation of security incidents, including root cause analysis, impact assessment, and containment strategies.

Coordinate and oversee the documentation of activities, analysis, and remediation actions for cybersecurity incidents.

Ensure incident documentation is thorough, accurate, and aligned with regulatory and legal requirements.

Continuously evaluate and improve incident response tools, processes, and capabilities based on lessons learned and threat landscape evolution. ​

Serve as the primary liaison between technical teams, executive leadership, legal, communications, and external stakeholders during incidents.

Communicate incident status, risks, and business impact clearly and effectively to both technical and non-technical audiences.

Partner with IT, OT, and business units to ensure incident response coverage across all environments.

Ensure compliance with internal policies, industry standards, and regulatory requirements related to incident response and breach notification.

Lead post-incident reviews and drive remediation efforts to strengthen the organization’s cyber resilience.

Your Skills and Expertise :

To set you up for success in this role from day one, 3M requires (at a minimum) the following qualifications :

Bachelor’s degree in Cybersecurity, Information Assurance, or a related field completed and verified prior to start from an accredited institution

8+ years of experience in cybersecurity, with 3+ years in a senior incident response or leadership role

Additional qualifications that could help you succeed even further in this role include :

Master’s degree preferred

Proven experience leading major incident response efforts, including ransomware, insider threats, and supply chain attacks

Deep knowledge of digital forensics, malware analysis, and incident containment strategies

Familiarity with legal and regulatory requirements for breach notification and evidence handling

Strong leadership and crisis management skills, with the ability to coordinate across technical, legal, and executive teams

Excellent verbal and written communication skills, including executive-level reporting and stakeholder engagement

Certifications such as CISM, CISSP, GCFA, or C-CISO are highly desirable​

Work location : On site at least 4 days a week in Minneapolis, MN

Travel : up to 15%

Relocation Assistance : is authorized

Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

Supporting Your Well-being

3M offers many programs to help you live your best life – both physically and financially. To ensure competitive pay and benefits, 3M regularly benchmarks with other companies that are comparable in size and scope.