We, at Leggett and Platt Inc., are searching for an experienced IT Risk Analyst III within our IT Governance, Risk, and Complianceteam to help support ourbusiness. As a global-diversified manufacturing company, its sometimes hard to explain all the different things we do. We like to say, were the biggest company no one has ever heard of. We are confident you interact with one of our products in your daily life without knowing it. Whether its the mattress you sleep on, the car you drive, the plane you fly on, or the furniture you sit on, our high-quality components are there supporting you. If you join our team, your work will ensure people across the world have a little more comfort in their lives.As an IT Risk Analyst, you will have the opportunity to help a global manufacturing company manage security risks across the organization through identification, evaluation, tracking, remediation, acceptance, and more. Your contributions will have a direct impact on the business by enriching confidence to Leggett shareholders, customers, and vendors with our information security program. The team you will be working with is engaging, innovative, and encouraging individuals with a goal of continuous improvements to compliance while enhancing and supporting business needs, and values your input on evaluations, impacts analysis, mitigations, and recommendations.So, what will you be doing as a IT Risk Analyst III?
Manage a global enterprise information security risk registry.
Act as a subject matter expert in enterprise information security risk analysis and management
[Identify and document information security risks across the global enterprise including business units, information technology, and operational technology.]{#Hlk104362511}
Evaluate identified information security risks using both qualitative and quantitative risk scoring activities.
Use metrics, documentation, interviews, and other artifacts to make recommendations and drive risk mitigation tactics and efforts.
[Generate reports, presentations, documents, and other collateral to present risk content to senior leadership.]{#Hlk104390602}
[Work with key stakeholders, leadership, business units, and other internal and external constituents to evaluate and manage information security risks.]{#Hlk104390641}
Track progress on risk remediation efforts and provide appropriate reporting to constituents and senior leadership.
Assist in the development, review, and update of appropriate information security policies, standards, procedures, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization.
Coordinate risk management activities including exception handling, control reviews, risk prioritization, risk reporting, mitigation, compensating controls, documentation, etc.
Participate in risk management exercises to evaluate processes, vendors, services, and technology solutions against industry standards, frameworks, corporate policies, and regulatory compliance standards.
Engage with IT and business leaders to refresh, test, and validate disaster recovery and business continuity plans.
Drive an enterprise information security risk management and operational maturity program using industry recognized standards such as NIST, CMMC, ITIL, ISO, etc.
Conduct information security assessments of third-party vendors, solutions, partners value added resellers, supply chain providers, and other external entities to track and manage risks associated to the vendors.
Monitor 3rd party entities for potential information security risk events and ensure vendors comply with an annual risk assessment.
To be successful in this role, youll need:
3-5+ years working in information security and risk management
Bachelors Degree or equivalent experience required.
Strong knowledge of IT systems, risk analysis, or Compliance field
Know edge of and experience with known information security risk and maturity models such as CVSS, Mitre, FAIR, CMMC, C2M2, etc.
Demonstrated ability to qualify and quantify information security risks and provide recommendations and methodology for managing, prioritizing risks, and guiding mitigation efforts.
Experience in designing, conducting, responding to, analyzing, and managing internal and external risk assessments.
Clear analytical/quantitative skills with an ability to be creative and think outside the box to manage complex situations.
Effective interpersonal skills with the ability to relate to all levels of management.
Excellent written and oral communication, organizational, problem solving, and decision-making skills.
Proven track record to motivate partners and key stakeholders to mitigate and reduce security risks.
Possess a high standard of ethics and operate with integrity and professionalism.
Ability to thrive in an environment of change and manage multiple tasks and responsibilities simultaneously.
Ability to drive results with minimal oversight.
Strong skills in Microsoft Office / O365 technologies (Excel, Word, SharePoint, Forms, etc)
Working knowledge of standards and frameworks such as NIST CSF, HIPAA, ISO, etc.
Things we consider a plus:
General knowledge of SOX, PCI, GDPR, ITIL and other IT industry standards
Strong understanding of information security regulatory requirements and best practices.
Experience with Microsoft Power Platform (Power BI, Power Automate, Power Apps)
Prior experience working for an industrial manufacturing company.
Travel to global sites and partner with key business unit stakeholders
What to Do NextNow that youve had a chance to learn more about us, what are you waiting for! Apply today and allow us the opportunity to learn more about you and the value you can bring to our team. Once you apply, be sure to create a profile, and sign up for job alerts, so you can be the first to know when new opportunities become available.Our ValuesOur values speak to our shared beliefs and describe how we approach working together.
Put People First reflects our commitment to safety and care of each other, learning and development, and creating an inclusive environment of mutual respect, empathy and belonging.
Do the Right Thing focuses us on acting with honesty and integrity, delivering the results the right way, taking pride in our work, and speaking the truth - good or bad.
Do Great WorkTogether occurs when we engage without hierarchy, collaborate as a team, embrace challenges, and work for the good of all of us.
Take Ownership and Raise the Bar demonstrates our responsibility to add value and make a difference, challenge the status quo and biases to make things better, foster innovative and creative solutions to drive impact, and explore new perspectives and embrace change.
Our Commitment to YouWe're actively taking steps to make sure our culture is inclusive and that our processes and practices promote equity for all. Leggett and Platt is comprised of people of all abilities, gender identities and expressions, ages, ethnicities, sexual orientations, veteran status, and more. Join us!We welcome and encourage applications if you meet the minimum qualifications. Even if you do not meet the preferred qualifications, wed love the opportunity to consider you.Equal Employment Opportunity/Affirmative Action/Veteran/Disability EmployerFor more information about how we handle your pers