Lead Security Analyst

Order.co is a guided B2B marketplace with a mission to simplify buying for businesses. Order.co makes it easy for businesses to place and track purchases across all their vendors control spend and make payments in a single consolidated bill. Tailored insights and purchasing recommendations fuel smarter spending decisions so businesses can easily save time and money on what they need to grow.

Founded in 2016 and headquartered in New York City Order.co oversees nearly half a billion in annualized spend across hundreds of customers like WeWork SoulCycle Lume and High-Level Health. Order.co has raised $50M in funding from industry-leading investors like MIT Stage 2 Capital Rally Ventures 645 Ventures and more. Order.co has been proudly named a 50 to Watch by Spend Matters and a Best Place to Work by BuiltIn and Inc. Magazine.

As the Lead Security Analyst at Order.co you'll guide our organization’s information security strategy and protect our systems networks and data from evolving threats. This role is responsible for continuously improving our security program implementing and maintaining compliance frameworks assessing and reducing risk and supporting business objectives. The ideal candidate will be collaborative pragmatic and able to effectively balance business and security needs.

• Contribute to and execute the organization’s information security strategy and roadmap
• Lead the information security steering committee fostering a culture of security awareness
• Collaborate with leadership to align security initiatives with business goals

• Identify assess and mitigate cybersecurity risks
• Ensure compliance with relevant standards and regulations (SOC 2)
• Lead the implementation of additional compliance frameworks (ISO 27001 GDPR CCPA)
• Conduct regular security audits risk assessments and gap analyses

• Oversee monitoring detection and response to security incidents
• Manage vulnerability assessments penetration testing and remediation efforts
• Ensure secure configuration and operation of IT systems and infrastructure

• Develop implement and enforce security policies procedures and standards
• Maintain incident response disaster recovery and business continuity plans
• Establish and track security metrics and KPIs

• Serve as the subject matter expert on cybersecurity threats technologies and best practices
• Lead the design and implementation of advanced security solutions and architectures
• Provide strategic guidance on security initiatives aligned with business objectives

• Partner with IT engineering legal and sales teams
• Communicate risks and security posture to executive leadership
• Manage relationships with external vendors and security partners

• 5+ years of experience in information security or cybersecurity
• Strong knowledge of security frameworks (SOC 2 ISO 27001 CIS NIST etc.)
• Experience with security tools (SIEM IDS/IPS EDR vulnerability scanners)
• Relevant certifications (CISSP CISM CISA or equivalent)
• Experience with framework management tools (Vanta Drata etc.)

• Strong leadership and influence
• Risk assessment and decision-making
• Incident response and crisis management
• Excellent communication and stakeholder engagement
• Analytical thinking and problem-solving

• A competitive compensation package including base as well as stock options
• Employer-sponsored 401(k) including an employer match
• The opportunity to develop and perform in a fast-paced environment alongside a stellar team
• Flexible time off and remote work policies
• Robust medical dental vision and wellness benefits
• Generous leave policies and support for new and current parents
• The anticipated annual salary range for this role is $140000-$180000. Actual compensation and title will be commensurate with experience qualifications knowledge and skills.

What We Do

Our strength has always been our unique edge: transforming how businesses connect with vendors through our marketplace. We're not just improving workflows - we're redefining how procurement operations accounting and payments come together to drive efficiency and innovation. Every step - requisition approval payment and reconciliation - is curated and automated to make purchasing across all your vendors locations and teams as easy as purchasing for your personal lives. Founded in 2016 and headquartered in New York City Order.co oversees nearly half a billion dollars in annualized spend across hundreds of customers like WeWork SoulCycle and Lume. Order.co has raised $70M+ in funding from industry-leading investors like MIT Stage 2 Capital Rally Ventures 645 Ventures and more. Order.co has been proudly named as a 50 to Watch by Spend Matters and a Best Place to Work by BuiltIn and Inc. Magazine.

Why Work With Us

With our core values as our North star Order.co and its team work tirelessly to foster an inclusive psychologically safe environment where team members are empowered to do their best work. We pride ourselves on solving hard problems in order with humility and most importantly together.

Gallery