Company Profile:

Established in 2020 and headquartered in California, ORO Labs is a SaaS based procurement startup that

makes procurement easy and efficient for all employees. We dramatically improve traditional

procurement operations by taming the chaotic enterprise spending on business-critical purchases and

supplier engagements. We have worked on a streamlined workflow which manages critical tasks like

procurement, supplier fraud prevention, invoicing, and more. Our solution helps a number of Fortune

200 companies meet their business goals. We have a global team based across the US, Europe and India

Overview:

The Information Security Specialist will report to the CTO and work closely with the compliance team to support the organization’s security goals, primarily focusing on responding to RFPs, vendor assessments, and customer inquiries related to security practices.

This role ensures the company’s security posture is clearly communicated in sales processes and annual vendor assessments.

The Information Security Specialist will play a vital role in building customer trust by addressing security-related questions and maintaining transparency in security processes.

Key Responsibilities:

• RFP and Vendor Assessment Management: Lead the response process for RFPs and vendor assessments, ensuring the company’s security posture aligns with customer expectations and requirements.
• Customer Engagement: Act as the primary point of contact for customer inquiries around security, explaining security processes and addressing customer concerns during the sales and assessment processes.
• Policy and Process-Driven Approach: Apply a policy-driven approach in all engagements, maintaining alignment with industry standards and best practices.
• Compliance Support: Collaborate with the compliance team to ensure adherence to security frameworks and regulatory requirements such as ISO 27001 and SOC 2.
• Audit Support: Assist in internal and external security audits, ensuring the organization meets compliance and security standards.

Skills and Qualifications:

• Experience: 5+ years in information security, with direct experience managing RFPs and completing vendor security questionnaires.
• Technical Expertise: Knowledgeable in information security concepts, protocols, and compliance frameworks such as ISO 27001 and SOC 2.
• Communication Skills: Able to clearly articulate technical security information to non-technical stakeholders and customers.
• Project Management: Skilled in prioritizing and managing multiple projects simultaneously, ensuring timely and organized responses to RFPs and assessments.
• Attention to Detail: Strong attention to detail and commitment to accuracy in all security responses.

Education:

Bachelor’s degree in Information Security, Computer Science, or a related field preferred but not required.