Cybersecurity Manager

Position Summary

The Cybersecurity Manager will lead the development, implementation, and continuous improvement of Vessco Water’s enterprise cybersecurity program. This role ensures the security, confidentiality, integrity, and availability of company systems and data across a diverse, multi‑entity environment. The manager translates strategic goals into actionable programs and controls, coordinates with technical teams and external partners to execute a multi‑year cybersecurity roadmap, and oversees compliance with internal policies and external standards (NIST CSF, CMMC, and related frameworks).

They chair the Cybersecurity Risk Committee and partner with Finance, Legal, and HR to align priorities, investments, and reporting with enterprise risk and business goals.

• Develop, ratify, and operationalize the enterprise cybersecurity roadmap based on findings from ongoing gap assessments.
• Define and track KPIs/KRIs that measure risk reduction, maturity, and alignment to business objectives.
• Partner with the VP of IT Infrastructure & Operations to integrate cybersecurity into infrastructure design, IT operations, and M&A onboarding processes.
• Provide quarterly cybersecurity briefings to executive leadership, including progress on initiatives, risk posture, and investment recommendations.
• Maintain alignment with the organization’s broader IT strategy, digital transformation goals, and private‑equity value creation plan.

• Chair and manage the Cybersecurity Risk Committee, including preparation of agendas, materials, and action tracking.
• Develop and enforce enterprise security policies, standards, and controls, aligned with NIST CSF and other applicable frameworks.
• Oversee ongoing risk assessments, vulnerability management, and compliance initiatives (e.g., CMMC readiness, SOC 2, or other frameworks as applicable).
• Coordinate incident response planning, tabletop exercises, and post‑incident reviews.
• Support Legal and HR on data privacy, acceptable use, and regulatory compliance (e.g., data retention, vendor risk management, and employee awareness).

• Partner with network and systems engineers to design and implement secure architectures and configurations across servers, networks, endpoints, and cloud environments (Microsoft 365/Azure, AWS, etc.).
• Lead the selection, implementation, and optimization of security tools and services, such as:
• Endpoint Detection & Response (EDR)
• Security Information & Event Management (SIEM)
• Identity and Access Management (IAM/MFA)
• Privileged Account Management (PAM)
• Vulnerability management and patching
• Data loss prevention (DLP) and email security
• Backup/recovery and business continuity systems
• Manage external MSSP/SOC partners to ensure effective 24/7 monitoring, escalation, and remediation.
• Collaborate on security architecture reviews for new systems, integrations, and acquisitions.

• Partner with HR and Communications to enhance security awareness and training across all business units (e.g., phishing simulations, KnowBe4 campaigns).
• Develop playbooks, FAQs, and user‑friendly communications to embed cybersecurity into daily operations.
• Serve as a visible advocate for cybersecurity across the enterprise, helping leaders and employees understand their role in protecting the organization.

• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• 7+ years of experience in cybersecurity, including at least 3 years in a management or lead role.
• Demonstrated success leading security programs in multi‑entity or distributed organizations (experience in manufacturing, distribution, or industrial sectors preferred).
• Strong knowledge of security frameworks (NIST CSF, CIS Controls, ISO 27001, CMMC).
• Experience managing external partners (MSSP, penetration testing firms, compliance assessors, etc.).
• Hands‑on familiarity with common enterprise technologies (Microsoft 365, Azure, Active Directory, firewalls, network segmentation, vulnerability management, etc.).

• CISSP, CISM, or CISA.
• CompTIA Security+…