Build and own OLH’s resilience program from the ground up, including BIA, critical service mapping, crisis playbooks, tabletop exercises, recovery testing, and resilience metrics.
Build and own the third-party risk management program — designing the multi-domain tiering model and managing concentration and fourth-party risk.
Work cross-functionally with the CTO, EVP of Engineering, and senior technology leadership to ensure uptime commitments are met.
Partner with IT and Engineering to evaluate, implement, and validate resilience and backup technologies — ensuring recovery capabilities are engineered into the platform, not bolted on.
Lead SaaS governance in partnership with IT, Security, and Engineering — establishing intake controls, usage visibility, and lifecycle management for SaaS applications across the enterprise.
Partner with IAM on vendor identity governance — ensuring vendor identities, privileged access, and identity lifecycles are managed, reviewed, and terminated appropriately.
Manage data security and data lifecycle requirements with third parties, ensuring vendors handling OpenLoop data meet access control standards.
Negotiate and advise on contract security, privacy, and continuity requirements in partnership with Legal and Procurement.
Serve as a strategic leader beyond your direct programs — contributing working knowledge and executive judgment across Data & AI Governance, Enterprise Risk, Security GRC, and Identity Governance initiatives.
Present regularly to executive leadership and support board-level reporting on resilience readiness, third-party risk posture, and broader GRC health.
Plan, facilitate, and run executive-level tabletop exercises and crisis simulations that test organizational readiness and drive concrete improvements.
Contribute to GRC strategic planning, OKR development, cross-program integration, and organizational design as a senior member of the GRC leadership team.
Other duties as assigned.
Requirements
10+ years of experience building programs at scale within information security, risk management, or operational resilience.
Strong knowledge of vendor risk, including concentration risk, SaaS governance, security, and identity governance.
Ability to partner cross-functionally with senior technology leaders on uptime, resilience architecture, and RTO/RPO validation.
Working knowledge of broader security GRC domains, including enterprise risk, compliance, and data/AI governance.
Experience in regulated industries (e.g., healthcare, fintech) with frameworks such as SOC 2, HITRUST, and HIPAA.
Executive communication skills with experience presenting to boards, C-suite, regulators, and auditors.
Demonstrated success operating in fast-paced, high-autonomy environments and influencing cross-functional stakeholders without direct authority.
Former CISO, Deputy CISO, or VP-level security leadership experience (preferred).
CBCP, CBCI, CISSP, CRISC, or equivalent certifications (preferred).
Experience with IPO readiness (preferred).
Familiarity with DORA, FFIEC, or other operational resilience frameworks (preferred).