Position Title: Cybersecurity and Information Security Manager
Location: Miami, Florida (In-Office)
Reports To: Director of Technology
Position Type: Permanent - Full-Time
POSITION OVERVIEW
This role serves as the company's primary cybersecurity resource, responsible for securing duPont Registry's systems, data, websites, and third-party platforms. The Cybersecurity & Information Security Manager balances business enablement with security oversight, managing everything from endpoint protection and incident response to vendor assessments and user awareness training.
The ideal candidate is self-sufficient, technically curious, and comfortable wearing multiple hats. They will perform both operational security tasks and higher-level program design in a fast-paced, entrepreneurial environment. They are also comfortable communicating and managing at the technical and configuration levels while providing key insight to executive boards through targeted high-level reporting.
KEY RESPONSIBILITIES
Security Operations & Infrastructure
- Perform daily monitoring of security logs, alerts, and reports from firewalls, EDR, SIEM, and cloud environments.
- Manage endpoint, network, and email security solutions; ensure systems are patched, updated, and compliant.
- Oversee security of cloud and hosted services (AWS, Azure, Google Workspace, Microsoft 365, etc.).
- Respond to and manage security incidents, data breaches, and vulnerabilities in coordination with IT vendors.
- Perform internal security assessments, penetration testing coordination, and vulnerability scans.
Governance, Risk & Compliance
- Develop, maintain, and implement cybersecurity policies and procedures aligned with modern frameworks (NIST CSF, CIS Controls).
- Assist with risk assessments and vendor evaluations, especially for technology partners and marketing platforms.
- Support compliance efforts related to privacy and payment requirements (CCPA, GDPR, PCI-DSS).
- Maintain documentation for audits and leadership reporting.
Awareness & Training
- Conduct regular employee security awareness and phishing simulation campaigns.
- Promote a culture of cybersecurity across departments with practical, business-friendly approaches.
Strategic Support & Reporting
- Provide regular reports to the CFO and leadership on cybersecurity posture, incidents, and key risks.
- Participate in budgeting and planning for cybersecurity tools and services.
- Stay current on emerging threats and technologies to continuously enhance the company's defenses.
QUALIFICATIONS
- Bachelor's degree in Information Security, Information Technology, Computer Science, or related field (or equivalent experience).
- At least seven years of experience in IT security, cybersecurity operations, or systems administration.
- Hands-on experience with key technologies: firewalls, endpoint protection, cloud security, Google Cloud, Microsoft 365, and SIEM.
- Working knowledge of network security principles, web application security, and vulnerability management.
- Solid understanding of risk-based decision-making and practical security implementation in small/medium business environments.
- Preferred: Security-related certifications such as Security+, CEH, GSEC, CISSP, or CISM.
- Exposure to ecommerce, media, or marketing technology environments.
- Experience implementing or managing security standards such as NIST, CIS Controls, or ISO 27001.