We, at Leggett & Platt Inc., are searching for an experienced Sr. Manager, Risk and Compliance within our Corporate IT team to help support our business. As a global-diversified manufacturing company, it’s sometimes hard to explain all the different things we do. We like to say, “we’re the biggest company no one has ever heard of.” We are confident you interact with one of our products in your daily life without knowing it. Whether it’s the mattress you sleep on, the car you drive, the plane you fly on, or the furniture you sit on, our high-quality components are there supporting you. If you join our team, your work will ensure people across the world have a little more comfort in their lives.
As a Sr. Manager, Risk and Compliance, you will have the opportunity to stay current on security assessments and risk management as Leggett continually strives to match the right security approaches while meeting business goals, objectives, and regulatory requirements. Your contributions will have a direct impact on the business by enriching customer confidence while protecting information security at Leggett. The team you will lead is engaging, innovative, and encouraging with a common goal of making continuous improvements to compliance while supporting business needs.
Responsibilities include:
- Develop, grow, and manage the risk management program by institutionalizing policies and procedures that assess, identify, quantify, and track risk
- Manage a global enterprise information security risk registry
- Work with key stakeholders, leadership, business units, and other internal and external constituents to evaluate and manage information security risks
- Drive an enterprise information security risk management and operational maturity program using industry recognized standards such as NIST, CMMC, ITIL, ISO, etc.
- Manage the program for conducting information security assessments of third-party vendors, solutions, partners, value-added resellers, supply chain providers, and other external entities, tracking and managing the risks associated with those vendors
- Demonstrate the ability to qualify and quantify information security risks and to provide recommendations and a methodology for managing and prioritizing risks and guiding mitigation efforts
- Manage efforts to perform targeted risk and control assessments of new and existing service providers
Compliance:
- Ensure the company complies with relevant cyber laws, regulations, and industry standards
- Manage Sarbanes Oxley Act compliance (for public company) ensuring IT general controls adherence and compliance
- Monitor changes in regulations
- Lead efforts to coordinate and complete information security assessments, including third-party vendors, identifying, compiling, and analyzing assessment inputs and/or executing and documenting risk or controls assessments in accordance with the defined approach
- Drive the creation and operation of IT general controls, program processes, procedures, and workflows
- Lead gap analyses against regulatory expectations or industry standards
- Track compliance processes such as remediation plans, exception/variance handling, audit requests, and recurring audit reviews to ensure timely completion
Reporting:
- Generate reports, presentations, documents, and other collateral to present assessment updates to senior leadership
Audit:
- Coordinate with Internal Audit and external auditors to track and address findings, working with SMEs across IT and the business
- Lead efforts to validate, identify remediation actions, and monitor gaps identified through security risk and controls assessments
Qualifications:
- Minimum of 5-7 years of experience in risk management and compliance, with at least 3 years in a managerial role
- Strong knowledge of regulatory requirements and industry standards
- Excellent analytical, communication, and leadership skills
- Ability to work collaboratively and influence stakeholders at all levels
- Strong knowledge of IT systems or Compliance field
- Working knowledge of standards and frameworks such as SOX, PCI, CMMC, IATF, GDPR, NIST CSF, HIPAA, ISO, etc.
- Experience with compliance reviews, identifying findings, and developing remediations
- Bachelor’s Degree or equivalent experience required
- Effective interpersonal skills to relate to all levels of management
- Excellent written and oral communication, organizational, problem-solving, and decision-making skills
- Proven ability to motivate partners and stakeholders to mitigate security risks
- High standard of ethics, operating with integrity and professionalism
- Ability to thrive in a changing environment and manage multiple tasks
- Ability to work independently or in a team
- Ability to drive results with minimal oversight
- Limited travel to global sites and ability to partner with key stakeholders
Preferred qualifications:
- Experience in a global environment and knowledge of international compliance
- Understanding of information security risks relating to OT systems
- Professional certifications such as CRM, CCEP, or equivalent
What to do next: Apply today to join our team and bring your value to us. Create a profile, sign up for job alerts, and stay informed about new opportunities.
Our Values:
- Put People First: Commitment to safety, care, learning, and inclusion.
- Do the Right Thing: Acting with honesty, integrity, and pride.
- Do Great Work…Together: Collaboration, engagement, and embracing challenges.
- Take Ownership and Raise the Bar: Adding value, making improvements, fostering innovation, and embracing change.
Our commitment to you:
We promote an inclusive culture and equitable practices. Join us regardless of abilities, gender, age, ethnicity, orientation, veteran status, or more.
We encourage applications from all qualified individuals. Even if you do not meet all of the preferred qualifications, we will still consider your application.
Equal Opportunity Employer. For assistance applying, contact us via email.