Lead Security Analyst
Order.co is a guided B2B marketplace with a mission to simplify buying for businesses. Order.co makes it easy for businesses to place and track purchases across all their vendors, control spend, and make payments in a single, consolidated bill. Tailored insights and purchasing recommendations fuel smarter spending decisions so businesses can easily save time and money on what they need to grow.
Founded in 2016 and headquartered in New York City, Order.co oversees nearly half a billion in annualized spend across hundreds of customers like WeWork, SoulCycle, Lume, and High-Level Health. Order.co has raised $50M in funding from industry-leading investors like MIT, Stage 2 Capital, Rally Ventures, 645 Ventures, and more. Order.co has been proudly named a 50 to Watch by Spend Matters and a Best Place to Work by BuiltIn and Inc. Magazine.
### Job Description
As the Lead Security Analyst at Order.co, you'll guide our organization’s information security strategy and protect our systems, networks, and data from evolving threats. This role is responsible for continuously improving our security program, implementing and maintaining compliance frameworks, assessing and reducing risk, and supporting business objectives. The ideal candidate will be collaborative, pragmatic and able to effectively balance business and security needs.
### Role Expectations
#### Security Strategy & Leadership
- Contribute to and execute the organization’s information security strategy and roadmap
- Lead the information security steering committee, fostering a culture of security awareness
- Collaborate with leadership to align security initiatives with business goals
#### Risk Management & Compliance
- Identify, assess, and mitigate cybersecurity risks
- Ensure compliance with relevant standards and regulations (SOC 2)
- Lead the implementation of additional compliance frameworks (ISO 27001, GDPR, CCPA)
- Conduct regular security audits, risk assessments, and gap analyses
#### Security Operations
- Oversee monitoring, detection, and response to security incidents
- Manage vulnerability assessments, penetration testing, and remediation efforts
- Ensure secure configuration and operation of IT systems and infrastructure
#### Policy & Governance
- Develop, implement, and enforce security policies, procedures, and standards
- Maintain incident response, disaster recovery, and business continuity plans
- Establish and track security metrics and KPIs
#### Technical Leadership
- Serve as the subject matter expert on cybersecurity threats, technologies, and best practices
- Lead the design and implementation of advanced security solutions and architectures
- Provide strategic guidance on security initiatives aligned with business objectives
#### Stakeholder Collaboration
- Partner with IT, engineering, legal, and sales teams
- Communicate risks and security posture to executive leadership
- Manage relationships with external vendors and security partners
### Required Qualifications
- 5+ years of experience in information security or cybersecurity
- Strong knowledge of security frameworks (SOC 2, ISO 27001, CIS, NIST, etc.)
- Experience with security tools (SIEM, IDS/IPS, EDR, vulnerability scanners)
- Relevant certifications (CISSP, CISM, CISA, or equivalent)
- Experience with framework management tools (Vanta, Drata, etc.)
### Key Skills
- Strong leadership and influence
- Risk assessment and decision-making
- Incident response and crisis management
- Excellent communication and stakeholder engagement
- Analytical thinking and problem-solving
### What You’ll Receive
- A competitive compensation package including base as well as stock options
- Employer-sponsored 401(k) including an employer match
- The opportunity to develop and perform in a fast-paced environment alongside a stellar team
- Flexible time off and remote work policies
- Robust medical, dental, vision, and wellness benefits
- Generous leave policies and support for new and current parents
- The anticipated annual salary range for this role is $140,000-$180,000. Actual compensation and title will be commensurate with experience, qualifications, knowledge, and skills.