MRO Corporation is hiring: Information Security Advisor in Norristown

As an Information Security Advisor, you will help lead our security initiatives and provide expert guidance on security standards, practices, and policies. This role requires a strong understanding of the Information Security concepts, strategic thinking, and the ability to mentor junior members of the Information Security team and collaborate across multiple teams and external partners.If you are passionate about safeguarding sensitive information and driving continuous improvement in Information Security practices, we encourage you to apply.

TASKS AND RESPONSIBILITIES:

• Ability to champion significant Information Security projects, ensuring alignment with industry standards and practices.
• Serve as the lead for the creation and implementation of internal cybersecurity policies and procedures, ensuring robust information protection.
• Train members of the Information Security Team on information security tools, technologies and concepts.
• Lead and coordinate with third-party vendors and consultants to ensure effective implementation of security measures.
• Proactively monitor and identify vulnerabilities within our systems, informing relevant teams to facilitate risk management and resolution efforts.
• Participate in vulnerability scanning across the organization's network, systems, and applications, ensuring timely identification and remediation of security risks.
• Act as the primary contact for information security initiatives and provide thought leadership across multiple disciplines, influencing best practices within the technology and security community.
• Recognized as the go-to person for complex cybersecurity assignments, providing guidance and support to internal teams and stakeholders.

SKILLS|EXPERIENCE:

• Bachelor's Degree in computer science or related discipline
• Strong understanding of cybersecurity standards, practices, and policies.
• Understanding of compliance frameworks such as HITRUST and hands on implementation experience of SOC2.
• Hands on experience with SIEM technologies (eg: Splunk, Rapid7, CS Next-Gen SIEM)
• Experience with endpoint protection tools (e.g. encryption, AV, EDR)
• Hands on experience of security tools implementation including initial setup, configuration and managing daily operations.
• Experience with Windows, Linux, and MacOS architectures
• Knowledge of on-premise virtualization (VMware) and multiple cloud platforms (eg: Azure, GCP, AWS)
• Understanding of network concepts and protocols, including monitoring logs for anomalous activity.
• Proven experience in leading projects and managing vendor relationships.
• Excellent communication skills, with the ability to assertively address Information Security challenges.
• Familiarity with risk analysis and mitigation methodology, security policy and procedure development, incident response and handling, security training and awareness.
• Hands on knowledge of incident response (InvestigationForensic)
• Understanding of OWASP top 10 principles of application security
• Hands on experience on reviewing and analyzing IIS and/or Kubernetes logs for threat investigation.

PREFERRED:

• Security related certifications (e.g., CISSP, CISM, or equivalent).
• Scripting and automation capabilities via tools like: Python, Bash, Powershell, API
• Active engagement in Information Security communities, keeping apprised of the latest tools, technologies, and threats.