Director, IT Security Privacy
Armstrong Flooring, Inc., United States

Our Director, IT Security amp; Privacy position is responsible for providing enterprise-wide leadership to establish and maintain a comprehensive Information Security program and oversee data privacy for Armstrong Flooring. You will develop, implement and maintain security policies and procedures, workforce and department training, annual and on-going risk assessments, oversee our investigation and remediation of security-related incidents and compliance breaches, and ensure the organization is compliant with regulatory requirements related to information technology. You will also need to stay current on regulatory concerns impacting enterprise risk and security trends and best practices. This role reports directly to the Senior Vice President, Chief Information Officer.

Location: 2500 Columbia Avenue, Lancaster, PA 17604 temporarily 100% remote due to COVID
New Location Coming Summer 2021: 1770 Hempstead Road, Lancaster, PA 17601. Catch a sneak preview here!

How you’ll contribute to the team:

• Establish a Cybersecurity Governance program with the following objectives:
  • Ensure that the organization's risk posture, with respect to information security, is within the defined risk tolerance.
  • Ensure alignment of information security policies, principles and personal accountabilities with both business objectives and other relevant policies.
  • Provide input on proposed significant information security projects and to provide feedback on their success and realized benefits.
  • Provide Information Security awareness, education, and training to employees to ensure an understanding of their role in protecting organizational data and systems
• Establish and lead a Privacy program related to the collection, storage and usage of data and information that aligns with corporate expectations.
• Execute the IT Security Program to protect Armstrong Flooring data and critical information technology resources from a wide range of threats in order to ensure business continuity, minimize the business risk, and maximize return on investments and business opportunities.
• Develop and enhance an up-to-date information security management framework based on the NIST Cybersecurity Framework. Identifying and proposing projects/initiatives on an annual basis to improve the organizations security posture.
  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Develop and maintain information security process metrics to demonstrate the effectiveness of the controls put in place. Track key performance indicators to drive ongoing improvements in service delivery
• Complete security assessments for new and existing applications and services that will integrate into the IT systems and/or provide services for the organization
• Maintain existing and define new information security policies as required
• Oversight and management of the Vulnerability Management Program for devices and applications that support the business
• Manage and contain information security incidents and events to protect organization assets, intellectual property, regulated data and the company's reputation.
  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas
• Create a risk-based process for the assessment and mitigation of any information security risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
• Regularly evaluate industry trends, changes, innovations, and maturity to recommend and plan the introduction of new technologies. Stay abreast of technological developments to provide business partners with best in class economics for necessary infrastructure
• Budget, track and allocate IT security costs to align with strategic objectives and improve cost transparency for business stakeholders.
  • Provide guidance, input, and management of direct and indirect budget spending
• Collaborate with multiple technology architecture and engineering teams to tie technology investments and process improvement to the business experience of services
• Oversee the selection testing, deployment, and maintenance of security hardware and software products as well as outsourced arrangements
• Lead and coach IT delivery resources to manage project scope and issues, to result in successful project implementations and program delivery
• Manage the organizations IT security staff and consultants/contractors that support the IT S

Job Rewards and Benefits