Director Information Security
Oro Labs
Company Overview:
ORO Labs is a well-funded B2B startup founded by industry veterans. Our SaaS solution is an AI-based procurement orchestration platform that’s dramatically improving business processes for employees, purchasing personnel, and suppliers, and it’s gaining rapid traction among global multi-nationals. ORO’s smart procurement workflows help organizations increase business agility and transparency, shortening cycle times while seamlessly increasing accuracy and compliance for the enterprise
Role Overview:
The Director - Infosec is a senior leadership role responsible for developing, implementing, and overseeing the overall information security strategy to protect ORO’s data, systems, and technology infrastructure from cyber threats and security risks.
This role will report to the CTO and work closely with the compliance team to support the organization’s security goals, primarily focusing on responding to RFPs, vendor assessments, and customer inquiries related to security practices.
This person will play a vital role in building customer trust by addressing security-related questions and maintaining transparency in security processes.
Key Responsibilities:
- Develop, implement, and enforce information security policies, procedures, and standards aligned with business goals and regulatory requirements
- RFP and Vendor Assessment Management: Lead the response process for RFPs and vendor assessments, ensuring the company’s security posture aligns with customer expectations and requirements
- Lead and manage the organization’s information security program to safeguard confidentiality, integrity, and availability of information assets
- Customer Engagement: Act as the primary point of contact for customer inquiries around security, explaining security processes and addressing customer concerns during the sales and assessment processes
- Collaborate with leadership, IT, legal, compliance, and business units to communicate security risks and influence decision-making
- Apply a policy-driven approach in all engagements, maintaining alignment with industry standards and best practices.
- Collaborate with the compliance team to ensure adherence to security frameworks and regulatory requirements such as ISO 27001 and SOC 2.
- Assist in internal and external security audits, ensuring the organization meets compliance and security standards
- Stay abreast of the latest cybersecurity technologies, and regulatory changes to adapt the security strategy proactively
Skills and Qualifications:
- Experience: At least 14+ years of progressive experience in information security roles, including leadership positions.
- Technical Expertise: Knowledgeable in information security concepts, protocols, and compliance frameworks such as ISO 27001 and SOC 2.
- Excellent communication and stakeholder management skills, capable of influencing executive decision-making
- Experience in risk management, security operations, incident response, and vulnerability management
- Deep knowledge of cybersecurity frameworks, standards, and regulatory requirements.
- Project Management: Skilled in prioritizing and managing multiple projects simultaneously, ensuring timely and organized responses to RFPs and assessments.
- Attention to Detail: Strong attention to detail and commitment to accuracy in all security responses.
Education:
Bachelor’s degree in Information Security, Computer Science, or a related field preferred but not required.