About mSupply TM
mSupply is North America’s leading distributor of OEM repair parts and equipment, serving professionals in the appliance, HVAC, plumbing, commercial kitchen, and pool/spa industries. Headquartered in St. Louis, MO, mSupply is a multi-billion-dollar enterprise offering an extensive product range, industry expertise, and seamless service. With more than 2,000 associates across the U.S. and Canada, mSupply’s family of brands delivers with speed, reliability, and precision through its branches, distribution centers, and extensive fleet of delivery vehicles. Shipped orders reach 93% of U.S. customers via next-day ground delivery and 100% within two days. For more information, visit mSupply.com.
Job Summary
The Cybersecurity Manager is a hands-on operational leader responsible for executing and continuously improving the organization's security program under the direction of the VP of IT Security. This role supports a large national HVAC and appliance parts provider with several thousand employees, more than 100 locations, multiple ERP platforms, complex enterprise and branch networks, warehouse and distribution operations, e-commerce and internal application environments, and a broad mix of infrastructure, service desk, and development teams. The Manager leads two Security Analysts, coordinates as a peer with the Senior Security Analyst, and works alongside the Security Administrator on deployments and operational support. This role requires strong technical execution, experience operating in large distributed environments, and the ability to partner closely with infrastructure, ERP, service desk, and development stakeholders to reduce risk without disrupting business operations.
Job Duties & Responsibilities
Lead daily alert triage, threat monitoring, and incident response across endpoint, server, network, cloud, and branch environments spanning corporate, warehouse, distribution, and field locations
Manage EDR/MDR and SIEM operations across a large distributed enterprise; serve as the primary operational contact for MSSPs and ensure coverage for branch offices, core infrastructure, and critical business systems
Own the incident response process — contain, investigate, remediate, and document security events; coordinate cross-functional response with infrastructure, network, service desk, ERP, and application teams, and conduct post-incident reviews with clear remediation plans
Oversee security monitoring and response for identity, remote access, privileged access, and email security platforms; coordinate with the Security Administrator and service desk teams on escalations, recurring issues, and operational support processes
Direct and develop two Security Analysts — set priorities, manage workload, conduct performance reviews, and serve as the escalation point for investigations, operational decisions, and security engineering support
Execute and maintain PCI DSS controls within the defined scope, including environments supporting payment processing, branch operations, and customer-facing systems; coordinate evidence gathering and support annual assessment activities
Support ISO 27001 control execution, documentation, and operational readiness across a complex enterprise environment with multiple business systems, infrastructure platforms, and support teams
Conduct and oversee vulnerability scanning across servers, endpoints, network devices, externally exposed assets, and critical internal platforms; drive remediation to closure in coordination with infrastructure, network, desktop, ERP, and application owners
Manage logistics, remediation tracking, and validation activities for external penetration tests, internal security assessments, and targeted reviews of critical applications, remote access paths, and segmented networks
Administer and optimize core security tools including EDR, SIEM, vulnerability scanning, email security, and access control solutions within the enterprise architecture defined by the VP
Partner with infrastructure and network teams on firewall rule reviews, network segmentation, secure configuration baselines, site connectivity protections, and hardening of critical infrastructure supporting branches, warehouses, and shared services
Participate in security reviews for new technology initiatives, ERP changes, infrastructure upgrades, software development efforts, vendor onboarding, and significant system integrations; ensure security requirements are identified early and escalated when needed
Work with application development and ERP teams to improve secure development, vulnerability remediation, access controls, logging, and change management practices for internally managed and third-party platforms
Prepare security metrics, operational status reports, incident summaries, and risk trend reporting for the VP and broader IT leadership, with reporting that reflects operational realities across a large multi-site enterprise
Maintain day-to-day working relationships with security vendors, MSSPs, and assessment providers; track service quality, issue resolution, and operational follow-through, escalating strategic or commercial concerns to the VP
Support cyber insurance activities, security questionnaires, audits, and customer or partner assurance requests by coordinating documentation and responses across security, infrastructure, network, and business application teams
Collaborate with IT, legal, HR, operations, and business leaders on day-to-day security matters, balancing security requirements with uptime, branch support, order processing, distribution operations, and customer service priorities
Qualifications
Education & Experience
- Bachelor's degree in Cybersecurity, IT, or related field — or equivalent experience
Experience supporting cybersecurity operations in a large, distributed enterprise environment with multiple locations, diverse infrastructure, and broad IT stakeholder groups
Experience working across infrastructure, network, service desk, ERP, and application development teams to drive remediation and operational security improvements
Technical Skills
- EDR/MDR platforms — SentinelOne, CrowdStrike, Arctic Wolf, or similar
Identity and access management — Okta required; strong experience with SSO, MFA, RBAC, privileged access, and remote access controls
Strong network security fundamentals including segmentation, firewalls, site connectivity, and branch office security
Cloud and SaaS security basics — Microsoft 365, Azure, AWS, and common enterprise business applications
Experience securing or supporting complex business application environments such as ERP platforms, internally developed applications, e-commerce systems, and third-party hosted solutions
Certifications (Preferred)
- CISSP, CISM, Security+, or equivalent certification strongly preferred
- ISO 27001 Lead Implementer or Lead Auditor, PCI ISA, or CISA is a plus
Physical Demands & Work Environment
This position may require over 40 hours per week and includes regular physical activity such as:
- This position is primarily remote based with occasional travel to office locations as needed
- On-call availability may be required during security incidents or critical system events
- This is a full-time, exempt position; hours may vary based on operational needs
What We Offer:
We prioritize your well-being from day one with a comprehensive benefits package that includes:
- Medical, dental, vision, and prescription coverage effective immediately
- 401(k) plan with company contributions
- Life insurance and short- and long-term disability coverage
- HSA/FSA options and an Employee Assistance Program (EAP)
- Paid time off, including vacation, holidays, and personal days
- Weekly pay, employee discounts, and more
Equal Employment Opportunity & Pre-Employment Requirements
mSupply is an Equal Opportunity Employer. We make employment decisions without regard to sex, age, race, color, creed, religion, national origin, citizenship or immigration status, sexual orientation, gender identity or expression, disability, genetic information, marital status, veteran or military status, or any other status protected by applicable federal, state, or local law.
We are committed to providing reasonable accommodations for qualified individuals with disabilities and to applicants with sincerely held religious beliefs, in accordance with applicable law. To request a reasonable accommodation, please contact
[email protected].
Final offers of employment may be contingent upon completion of job-related pre-employment checks and screenings permitted by law for the position. For roles that require operation of a company vehicle, a Motor Vehicle Record (MVR) check may also be conducted to determine insurability. This employer participates in E-Verify to confirm employment eligibility in the United States. #mSupply