Sr. Manager, Risk and Compliance

We, at Leggett & Platt Inc., are searching for an experienced Sr. Manager, Risk and Compliance within our Corporate ITteam to help support our business. As a global-diversified manufacturing company, it’s sometimes hard to explain all the different things we do. We like to say, “we’re the biggest company no one has ever heard of.” We are confident you interact with one of our products in your daily life without knowing it. Whether it’s the mattress you sleep on, the car you drive, the plane you fly on, or the furniture you sit on, our high-quality components are there supporting you. If you join our team, your work will ensure people across the world have a little more comfort in their lives.

As a Sr. Manager, Risk and Compliance, you will have the opportunity to stay current on security assessments and risk management as Leggett continually strives to match the right security approaches while meeting business goals, objectives, and regulatory requirements. Your contributions will have a direct impact on the business by enriching customer confidence while protecting information security at Leggett. The team you will lead is engaging, innovative, and encouraging with a common goal of making continuous improvements to compliance while enhancing and supporting business needs.

So, what will you be doing as a Sr. Manager, Risk and Compliance?

Risk Management:

• Develop, grow, and manage risk management program, by institutionalizing policies and procedures that assess, identify, quantify, and track risk
• Manage a global enterprise information security risk registry
• Work with key stakeholders, leadership, business units, and other internal and external constituents to evaluate and manage information security risks.
• Drive an enterprise information security risk management and operational maturity program using industry recognized standards such as NIST, CMMC, ITIL, ISO, etc.
• Manage program to conduct information security assessments of third-party vendors, solutions, partners value added resellers, supply chain providers, and other external entities to track and manage risks associated to the vendors
• Demonstrated ability to qualify & quantify information security risks and provide recommendations and methodology for managing, prioritizing risks, and guiding mitigation efforts
• Manage efforts to perform targeted risk and control assessments of new and existing service providers

Compliance:

• Ensure the company complies with relevant cyber laws, regulations, and industry standards
• Manage Sarbanes Oxley Act compliance (for public company) ensuring IT general controls adherence and compliance
• Monitor changes in regulations
• Lead efforts to coordinate and complete information security assessments, to include third party vendors, which may include identifying, compiling, and analyzing assessment inputs and/or the execution and documentation of the risk or controls assessment in accordance with the defined approach
• Drive the creation and operation of IT general controls, program processes, procedures, and workflows
• Lead gaps analysis against regulatory expectations or industry standards.
• Track compliance processes such as remediation plans, exception/variance handling, audit requests, and recurring audit reviews to ensure timely completion

Reporting:

• Generate reports, presentations, documents, and other collateral to present assessment updates to senior leadership

Audit:

• Coordinate with Internal Audit and external audits to track and address findings working with SMEs across IT and the business
• Lead efforts to validate, identify remediation actions, and monitor gaps identified through security risk and controls assessments

To be successful in this role, you’ll need:

• Minimum of 5-7 years of experience in risk management and compliance, with at least 3 years in a managerial role
• Strong knowledge of regulatory requirements and industry standards
• Excellent analytical, communication, and leadership skills
• Ability to work collaboratively and influence stakeholders at all levels
• Strong knowledge of IT systems or Compliance field
• Working knowledge of standards and frameworks such as SOX, PCI, CMMC, IATF, GDPR, NIST CSF, HIPAA, ISO, etc.
• Experienced with compliance reviews, identifying findings, and developing remediations
• Bachelor’s Degree or equivalent experience required
• Clear analytical/quantitative skills
• Effective interpersonal skills with the ability to relate to all levels of management
• Excellent written and oral communication, organizational, problem solving, and decision-making skills
• Proven track record to motivate partners and key stakeholders to mitigate and reduce security risks
• Possess a high standard of ethics and operate with integrity and professionalism
• Ability to thrive in an environment of change and manage multiple tasks and responsibilities simultaneously
• Ability to work well in a team environment or independently
• Ability to drive results with minimal oversight
• Limited Travel to global sites and partner with key business unit stakeholders

Things we consider a plus:

• Previous experience working in a global environment and knowledge of international compliance
• Understanding of information security risks and compliance as it relates to OT systems
• Professional certifications such as Certified Risk Manager (CRM), Certified Compliance and Ethics Professional (CCEP), or equivalent

What to Do Next

Now that you’ve had a chance to learn more about us, what are you waiting for! Apply today and allow us the opportunity to learn more about you and the value you can bring to our team. Once you apply, be sure to create a profile, and sign up for job alerts, so you can be the first to know when new opportunities become available.

Our Values

Our values speak to our shared beliefs, and describe how we approach working together.

· Put People First reflects our commitment to safety and care of each other, learning and development, and creating an inclusive environment of mutual respect, empathy and belonging.

· Do the Right Thing focuses us on acting with honesty and integrity, delivering the results the right way, taking pride in our work, and speaking the truth – good or bad.

· Do Great Work…Together occurs when we engage without hierarchy, collaborate as a team, embrace challenges, and work for the good of all of us.

· Take Ownership and Raise the Bar demonstrates our responsibility to add value and make a difference, challenge the status quo and biases to make things better, foster innovative and creative solutions to drive impact, and explore new perspectives and embrace change.

Our Commitment to You

We're actively taking steps to make sure our culture is inclusive and that our processes and practices promote equity for all. Leggett & Platt is comprised of people of all abilities, gender identities and expressions, ages, ethnicities, sexual orientations, veteran status, and more. Join us!

We welcome and encourage applications if you meet the minimum qualifications. Even if you do not meet the preferred qualifications, we’d love the opportunity to consider you.

Equal Employment Opportunity/Veterans/Disability Employer

For more information about how we handle your personal data in connection with our recruiting processes, please refer to the Recruiting Privacy Notice on the “Privacy Notice” tab located at http://privacy.leggett.com