Sr. Director, Business Resilience & Third-Party Risk

About OpenLoop

OpenLoop was co-founded by CEO, Dr. Jon Lensing, and COO, Christian Williams, with the vision to bring care anywhere. Our telehealth support solutions are thoughtfully designed to streamline and simplify go-to-market care delivery for companies offering meaningful virtual support to patients across an expansive array of specialties, in all 50 states.

About the Role

OpenLoop's mission is to bring care anywhere by powering telehealth solutions at scale. The Security Governance, Risk, and Compliance (GRC) team builds the guardrails that let OpenLoop move fast while managing risk — enterprise risk management, security compliance, third-party risk, business resilience, AI governance, and security program management. We are hiring a Sr. Director of Business Resilience & Third-Party Risk to serve as a senior leader within the GRC organization, reporting to the VP, Security Governance, Risk, and Compliance (GRC). This role owns two mission-critical programs — business resilience and third-party risk management — and carries broader leadership responsibility across the security GRC portfolio.

You'll Do:

• Build and own OLH’s resilience program from the ground up such as BIA, critical service mapping, crisis playbooks, tabletop exercises, recovery testing, and resilience metrics.

• Build and own the third-party risk management program — designing the multi-domain tiering model, managing concentration and fourth-party risk

• Work cross-functionally with the CTO, EVP of Engineering, and senior technology leadership to ensure uptime commitments are met

• Partner with IT and Engineering to evaluate, implement, and validate resilience and backup technologies — ensuring recovery capabilities are engineered into the platform, not bolted on.

• Lead SaaS governance in partnership with IT, Security, and Engineering — establishing intake controls, usage visibility, and lifecycle management for SaaS applications across the enterprise.

• Partner with IAM on vendor identity governance — ensuring vendor identities, privileged access, and identity lifecycles are managed, reviewed, and terminated appropriately.

• Manage data security and data lifecycle requirements with third parties, ensuring vendors handling OpenLoop data meet access control standards.

• Negotiate and advise on contract security, privacy, and continuity requirements in partnership with Legal and Procurement.

• Serve as a strategic leader beyond your direct programs — contributing working knowledge and executive judgment across Data & AI Governance, Enterprise Risk, Security GRC, and Identity Governance initiatives.

• Present regularly to executive leadership and support board-level reporting on resilience readiness, third-party risk posture, and broader GRC health.

• Plan, facilitate, and run executive-level tabletop exercises and crisis simulations that test organizational readiness towards strong improvements.

• Contribute to GRC strategic planning, OKR development, cross-program integration, and organizational design as a senior member of the GRC leadership team.

• Other duties as assigned.

Who You Are

Required:

• 10+ years experience building programs at scale within information security, risk management, or operational resilience

• Strong knowledge of vendor risk, including concentration risk, SaaS governance, security, and identity governance.

• Ability to partner cross-functionally with senior technology leaders on uptime, resilience architecture, and RTO/RPO validation.

• Working knowledge of broader security GRC domains, including enterprise risk, compliance, and data/AI governance.

• Experience in regulated industries (e.g., healthcare, fintech) with frameworks such as SOC 2, HITRUST, and HIPAA.

• Executive communication skills with experience presenting to boards, C-suite, regulators, and auditors.

• Demonstrated success operating in fast-paced, high-autonomy environments and influencing cross-functional stakeholders without direct authority.

Preferred Qualifications

• Former CISO, Deputy CISO, or VP-level security leadership experience.

• CBCP, CBCI, CISSP, CRISC, or equivalent certifications.

• Experience with IPO readiness

• Familiarity with DORA, FFIEC, or other operational resilience

• Experience with GRC and TPRM platforms (Vanta preferred)

Our Benefits

• Medical, Dental, and Vision plans

• Flexible Spending/Health Savings Accounts

• Flexible PTO

• 401(k) + Company Match

• Life Insurance, Pet insurance, and more

Our Company

We have a relatively flat organizational structure here at OpenLoop. Everyone is encouraged to bring ideas to the table and make things happen. This fits in well with our core values of Autonomy, Competence and Belonging, as we want everyone to feel empowered and supported to do their best work.

Sound like a good fit? We’d love to meet you.