Director, Information Security – ASM / VM

4 hours ago

Apply Now

Receive Emails with Similar Jobs

OpenLoop

WebsiteLinkedInAll Job Openings

Healthcare Insurance • Telecommunications • SaaS

OpenLoop is a company dedicated to supporting and enhancing telehealth services. They offer comprehensive solutions designed to streamline virtual care delivery, including provider staffing, a technology platform, payer coverage, licensing, credentialing, and practice management. OpenLoop's services cater to both early-stage and established telehealth providers, as well as brick-and-mortar clinics looking to expand into telehealth. They have a vast network of clinicians, extensive insurance plan coverage, and operate across all 50 states, supporting a wide range of specialties and languages. Their offerings include white-label solutions and custom integrations to improve telehealth implementation and delivery.

51 - 200 employees

⚕️ Healthcare Insurance

📡 Telecommunications

☁️ SaaS

📋 Description

• Lead the attack surface and vulnerability management of applications, endpoints, databases, networking, operating systems, mobile, third parties and cloud services. • Liaise with IT and security leadership to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities. • Develop strategies to identify vulnerabilities and align applicable remediations. • Manage vulnerability remediations, exploitation probability, and business risks. • Cultivate relationships across all operational teams to support security goals • Collaborate with IT, product, engineering, and cybersecurity leadership to develop practices and plans, to reduce potential attacks. • Partner closely with various teams, supporting all remediation efforts • Support employees in managing emerging threats and practices to strong security • Maintain an active asset inventory, including asset vulnerability state, remediation recommendations, across all business units. • Define key performance indicators, objectives and key results, to illustrate efficacy with attack surface and vulnerability management. • Embrace automation with asset inventory and vulnerability discovery reporting. • Certify testing and validation of vulnerability remediation and controls. • Communicate the state of vulnerability management to stakeholders, developers, IT and business leaders. • Participate in vulnerability special interest groups and consortiums for knowledge and building relationships. • Exhibit an above and beyond attitude and work ethic to support the business in response to security threats, providing timely support and action. • Manage the bug bounty program to surface and address security risks • Develop and execute an ASM/VM strategy, policies, standards, and procedures. • Collaborate with internal and external threat intelligence sources, law enforcement, and government bodies (e.g., H-ISAC) to stay updated on evolving threats, risks, and TTPs (tactics, techniques, and procedures). • Keep up to date on security knowledge and technology best practices • Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security operations controls and processes. • Other duties as assigned.

🎯 Requirements

• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field is preferred. • 10-15 years of experience in Information Security, with at least 5 of those years focused on security operations, attack surface management, vulnerability management operations. • Experienced with commercial and open source VMS solutions and processes. • Applicable knowledge of adversary tactics, techniques and procedures (TTPs), MITRE ATT&ACK framework, CVSS, open source intelligence (OSINT) and deception techniques. • Strong understanding of cloud security environments and technologies (AWS, GCP, SaaS, IaaS, PaaS) • Strong handle of cyber threat landscapes, attack vectors, and defensive tactics. • Familiarity with regulatory frameworks (HIPAA, HITRUST, NIST CSF). • Excellent leadership and communication skills with the ability to engage technical and non-technical stakeholders, including senior executives • Ability to effectively collaborate and communicate with various teams • Analytical and problem-solving abilities with a proactive, risk-based approach. • Experience with handling a dynamic, challenging and fast-paced environment. • Strong people acumen and relationship skills • Excellent organizational and documentation skills. • Experience in healthcare or digital health is a plus.

🏖️ Benefits

• Medical, Dental, and Vision plans • Flexible Spending/Health Savings Accounts • Flexible PTO • 401(k) + Company Match • Life Insurance, Pet insurance, and more