Information Security Specialist (RFPs and Vendor Assessments) At ORO Labs, we’re reshaping the future of procurement. Founded in California in 2020, we’re a fast-growing SaaS startup making procurement intuitive, integrated, and intelligent. Our platform supports Fortune 200 clients across North America and Europe, and we are now excited to be expanding our operations to serve leading enterprises across Australia. We help them streamline purchasing, mitigate supplier risk, and improve compliance—all while unlocking value from their existing tech investments. With teams across the U.S., Europe, and India, and now expanding into Australia, we thrive on collaboration, agility, and innovation. Overview: The Information Security Specialist will report to the CTO and work closely with the compliance team to support the organization’s security goals, primarily focusing on responding to RFPs, vendor assessments, and customer inquiries related to security practices. This role ensures the company’s security posture is clearly communicated in sales processes and annual vendor assessments. The Information Security Specialist will play a vital role in building customer trust by addressing security-related questions and maintaining transparency in security processes. Key Responsibilities: RFP and Vendor Assessment Management: Lead the response process for RFPs and vendor assessments, ensuring the company’s security posture aligns with customer expectations and requirements. Customer Engagement: Act as the primary point of contact for customer inquiries around security, explaining security processes and addressing customer concerns during the sales and assessment processes. Policy and Process-Driven Approach: Apply a policy-driven approach in all engagements, maintaining alignment with industry standards and best practices. Compliance Support: Collaborate with the compliance team to ensure adherence to security frameworks and regulatory requirements such as ISO 27001 and SOC 2. Audit Support: Assist in internal and external security audits, ensuring the organization meets compliance and security standards. Skills and Qualifications: Experience: 5+ years in information security, with direct experience managing RFPs and completing vendor security questionnaires. Technical Expertise: Knowledgeable in information security concepts, protocols, and compliance frameworks such as ISO 27001 and SOC 2. Communication Skills: Able to clearly articulate technical security information to non-technical stakeholders and customers. Project Management: Skilled in prioritizing and managing multiple projects simultaneously, ensuring timely and organized responses to RFPs and assessments. Attention to Detail: Strong attention to detail and commitment to accuracy in all security responses. Education: Bachelor’s degree in Information Security, Computer Science, or a related field preferred but not