Sr Analyst, Cybersecurity Strategy & Risk - Risk Management (remote) in Marysville, OH at ScottsMiracle-Gro

Date Posted: 6/9/2022

Job Snapshot

Job Description

Here at Scotts Miracle-Gro there is no such thing as a typical day.  Our culture is constantly energized by new and exciting growth opportunities and at a rapid pace.  Every Associate plays an important role in providing innovative solutions for today’s gardeners and growers and contributing new ideas to improve operations. In our company you need grit, it is what we were founded on over 150 years ago and is what keeps us growing. Regardless of your level in the organization there is a platform for your voice to be heard and the ability to influence change. Family, community and hard working values are weaved into all that we do. Come grow with us, where we develop and nurture the next generation of leaders. ​

Job Overview:

We are looking for a Sr Analyst, Cybersecurity Strategy & Risk (remote) who will join our Information & Cyber Security team in a remote capacity, with some travel to our world headquarters, US and International facilities, etc required as needed.  The Scotts Miracle-Gro (“SMG”) world headquarters is in Marysville, a suburb of Columbus, OH.  Not familiar with Columbus? Visit Columbus Region to learn more!

The Scotts Miracle-Gro Company recognizes that our continued long-term success depends on executing not only our strategy, but also protecting our brands, our assets, and our data.  The confidentiality, integrity and availability of Scotts’ information assets and IT resources, as well as the adherence to laws and contractual obligations regarding information processing, is critical to the mission of the Company.  To support that mission, the company continues to invest significant capital and resources to improve our information security capabilities.  The Sr Analyst, Cybersecurity Strategy & Risk (remote) is a key member of the Information & Cyber Security team responsible for developing and implementing these long-term Information Security strategies for the Company.

This position and the Information & Cyber Security team play a key role in protecting our assets from events that may have a negative impact to the Company and its shareholders.  We are looking for high-performing and high-potential candidates who can make a significant and immediate contribution to our team.

What you’ll do in this role:

  • Drives execution and management of enterprise security strategy aligned with technology governance and control frameworks such as NIST CSF, COBIT, PCI, ITIL, SOX and ISO 27001/2 with focus on People, Processes, and Technology.

  • Performs focused information risk assessments of existing or new services and technologies, along with business counterparts.

  • Proactively identify privacy and data security risks in processes and systems and propose broad risk mitigation strategies across the risk management portfolio.

  • Manage the ongoing tracking of risk register items, conduct updates to risk register status and follow up of overdue items.

  • Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.

  • Communicates risk assessment findings to team owners and custodians of information risk “business partners,” or information governance teams and information security teams.

  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

  • Manage efforts around data discovery, data classification and data loss prevention.

  • Support gathering data for Key Performance Indicators (KPI), metrics, risk assessments, data security, internal and external assessments of control effectiveness, and issue remediation & exception management

  • Drives continuous improvement for risk and control reporting to ensure compliance with new and/or changing policies, standards and guidelines

  • Maintains up-to-date knowledge and understanding of applicable compliance drivers (PCI, CCPA, SOX, etc.) in order to adjust and improve internal controls as well as provide guidance to the business where necessary

  • Develops and maintains documentation to ensure consistent, reliable, and repeatable processes

What you’ll need to be successful:

  • Bachelor's Degree (BA/BS) from 4-year college or university. Major in Computer Science, Computer Applications or Management Information Systems preferred; or the equivalent combination of training, education, or experience

  • 3+ years experience in IT risk management, IT internal audit, compliance or cybersecurity required

  • Professional certification such as CRISC, CISA, CGEIT, CISM or similar preferred

  • Familiar with assessment frameworks/standards (i.e. NIST, ISO/27000 Series, BITS SIG/SAS-70/SSAE-16, COBIT/SOX IT Control Testing, PCI-DSS)

  • Proficient in risk assessment and analysis methodologies

  • Proficient in generally accepted change, problem and incident management principles (e.g. ITIL)

  • Proactive and self-motivated with ability to work both independently and as part of a team at all levels and across departments

  • Strong analytical, problem solving and conceptual skills to identify and deliver high performing solutions

  • Strong verbal and written communication skills, with an ability to express complex technical concepts in understandable business terms. 

Non-Technical skills:

  • Problem Solving & Analysis

  • Business Acumen

  • Communication & Leadership

  • Relationship Building

  • Creativity & Innovation

  • Influence & Organizational Savvy

  • Planning & Organizing 

What we do for you (just to list a few cool ones):

  • Offer extremely competitive benefits including Health, Dental and Vision coverage.

  • 401K match (up to 7.5%). No waiting period on vesting or match.

  • Discounted stock purchasing program (15% discount).

  • 13 paid holidays and a generous vacation policy.

  • Fitness Club Reimbursement ($350) ]

  • Nutrition reimbursement program (up to $200 per associate and per spouse)

  • Our commitment to diversity and inclusion includes employee resource groups: Scotts Women’s Network, Scotts Black Employee Network, Scotts Veterans Network, GroPride Network, Scotts Associates for a Greener Earth (SAGE), TREE (Together Respecting, Empowering, and Encouraging Families) and Scotts Young Professionals

Here at ScottsMiracle-Gro, we believe providing an enriching and engaging employee experience is what sets us apart from other organizations. We recognize our employees are so much more than just their job title so we offer programs and benefits that support them in all aspects of their lives. Wondering how we do it? Below is a glimpse of our highlight reel…

  • Our Live Total Health program provides you with options to align to your personal needs.  Selections range from medical, dental and vision coverage for you, your spouse/domestic partner and dependents to an outstanding wellness reimbursement program to an unbelievable 401K match (up to 7.5%) as well as a 15% discount on company stock and much more

  • We know our talent is our most precious asset and your unique development contributes to our organization’s success now and in the future.  Career growth at our company is not always a ladder.  It’s much more like a rock climbing adventure.  Grow through exploration and experiences rather than a predictable linear path.

  • We value the importance of family. We provide access to Maven Family Planning and up to $30,000 to accommodate for adoption, fertility and surrogacy.

  • Be part of something bigger by joining one of our Employee Resource Groups focusing on diversity and inclusion, family, education and sustainability: Scotts Women’s Network, Scotts Black Employees’ Network, Scotts Veterans’ Network, Scotts Young Professionals, Scotts Pride Network (GroPride), Scotts Associates for a Greener Earth (SAGE), Scotts Family TREE and our Associate Boards.

  • Join a company with a strong belief in giving back to the communities where we live and work.  We have a shared passion for service and volunteerism and believe participating in community service benefits our communities and strengthens our team. 

Not interested in this role? Stay up to date on future opportunities by joining our ScottsMiracle-Gro and Hawthorne Gardening talent communities.

Scotts is an EEO Employer, dedicated to a culturally diverse, drug free workplace.

EEO/AA Employer/Minority/Female/Disability/Veteran/Sexual Orientation/Gender Identity

Notification to Agencies:

Please note that the Scotts Miracle-Gro company does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Master Service Agreement, and specific approval to submit resumes to an approved requisition, the Scotts Miracle-Gro company will not consider or approve payment regarding recruiter fees or referral compensations.