Director Information Security - ASM / VM

OpenLoop was co-founded by CEO, Dr. Jon Lensing, and COO, Christian Williams, with the vision to bring healing anywhere. Our tele-health support solutions are thoughtfully designed to streamline and simplify go-to-market care delivery for companies offering meaningful virtual support to patients across an expansive array of specialties, in all 50 states.

We have a relatively flat organizational structure here at OpenLoop. Everyone is encouraged to bring ideas to the table and make things happen. This fits in well with our core values of Autonomy, Competence and Belonging, as we want everyone to feel empowered and supported to do their best work.

About the Role

OpenLoop is looking for a Director Information Security, ASM / VM to join our team remotely or at our HQ in Des Moines, IA.  In this role, you will be responsible for identifying, tracking and verifying the remediation of vulnerabilities, misconfigurations, and risks across internal and external applications and systems. This leader will possess both business and technical acumen with a strong understanding of the many different systems and applications across the company.  A diverse understanding of cybersecurity principles, enterprise systems, Artificial Intelligence (AI) applications, and business process dependencies is required.   

The ideal candidate will support both short- and long-term strategic initiatives outlined by cybersecurity and IT leadership, identifying and reducing attack surface vulnerabilities, fostering automation, innovation and operational efficiency.

What You'll Do:

• Lead the attack surface and vulnerability management of applications, endpoints, databases, networking, operating systems, mobile, third parties and cloud services.
• Liaise with IT and security leadership to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.
• Develop strategies to identify vulnerabilities and align applicable remediations.
• Manage vulnerability remediations, exploitation probability, and business risks.
• Cultivate relationships across all operational teams to support security goals
• Collaborate with IT, product, engineering, and cybersecurity leadership to develop practices and plans, to reduce potential attacks.
• Partner closely with various teams, supporting all remediation efforts 
• Support employees in managing emerging threats and practices to strong security
• Maintain an active asset inventory, including asset vulnerability state, remediation recommendations, across all business units.
• Define key performance indicators, objectives and key results, to illustrate efficacy with attack surface and vulnerability management.
• Embrace automation with asset inventory and vulnerability discovery reporting.
• Certify testing and validation of vulnerability remediation and controls.
• Communicate the state of vulnerability management to stakeholders, developers, IT and business leaders.
• Participate in vulnerability special interest groups and consortiums for knowledge and building relationships.
• Exhibit an above and beyond attitude and work ethic to support the business in response to security threats, providing timely support and action.
• Manage the bug bounty program to surface and address security risks
• Develop and execute an ASM/VM strategy, policies, standards, and procedures.
• Collaborate with internal and external threat intelligence sources, law enforcement, and government bodies (e.g., H-ISAC) to stay updated on evolving threats, risks, and TTPs (tactics, techniques, and procedures).
• Keep up to date on security knowledge and technology best practices
• Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security operations controls and processes.
• Other duties as assigned.

Who You Are

• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field is preferred.
• 10-15 years of experience in Information Security, with at least 5 of those years focused on security operations, attack surface management, vulnerability management operations.
• Experienced with commercial and open source VMS solutions and processes.
• Applicable knowledge of adversary tactics, techniques and procedures (TTPs), MITRE ATT&ACK framework, CVSS, open source intelligence (OSINT) and deception techniques. 
• Strong understanding of cloud security environments and technologies (AWS, GCP, SaaS, IaaS, PaaS)
• Strong handle of cyber threat landscapes, attack vectors, and defensive tactics.
• Familiarity with regulatory frameworks (HIPAA, HITRUST, NIST CSF).
• Excellent leadership and communication skills with the ability to engage technical and non-technical stakeholders, including senior executives
• Ability to effectively collaborate and communicate with various teams
• Analytical and problem-solving abilities with a proactive, risk-based approach.
• Experience with handling a dynamic, challenging and fast-paced environment.
• Strong people acumen and relationship skills
• Excellent organizational and documentation skills.
• Experience in healthcare or digital health is a plus.

In addition, for salaried positions you would also be eligible for:

• Medical, Dental, and Vision plans
• Flexible Spending/Health Savings Accounts
• Flexible PTO
• 401(k) Company Match
• Life Insurance, Pet insurance, and more

Sound like a good fit? We’d love to meet you.