About the Role

OpenLoop is looking for a Head of Security Operations to join our team remotely or at HQ in Des Moines, IA. In this role, you will be responsible for leading and overseeing all aspects of the Security Operations Center (SOC) and ensuring the effective detection, response, and mitigation of cyber threats. This role also oversees the company’s Attack Surface Management (ASM) program to proactively reduce exposure and safeguard critical assets and data across our internal and customer-facing platforms as well as third-party and SaaS technologies. This role is responsible for developing and implementing a comprehensive SecOps strategy that safeguards our platform, data, systems, and clients—ensuring compliance with HIPAA, HITRUST, and other healthcare regulations.

What You’ll Do

• Lead and manage the Security Operations Center (SOC) (internal and/or external MSSP), ensuring 24/7 security monitoring, incident detection, response, and escalation processes.
• Develop and execute the security operations strategy, policies, and response playbooks, to include integrated third-party response and notification procedures.
• Oversee real-time monitoring and analysis of security events from multiple data sources to detect and respond to threats.
• Lead all aspects of incident response, including investigation, containment, remediation, and root cause analysis.
• Develop and execute a cyber intelligence program to deliver an intelligence-driven and risk-prioritized security program (awareness/technologies/controls) and identification of key risks to the business.
• Lead and enhance the Attack Surface Management (ASM) program to continuously identify, assess, and minimize external and internal exposures.
• Establish and maintain ASM governance, policies, standards, and procedures.
• Ensure the regular scanning, assessment, prioritization, and remediation of security vulnerabilities across the environment (application, infrastructure, cloud, API, etc.).
• Collaborate with external threat intelligence sources, law enforcement, and government/industry organizations (e.g., FS-ISAC) to stay updated on evolving threats, vulnerabilities, and TTPs (tactics, techniques, and procedures).
• Develop and maintain metrics, dashboards, and reports on SOC performance, attack surface exposure, and vulnerability management outcomes for senior leadership and the board.
• Ensure regulatory compliance (e.g., PCI, HIPAA, HITRUST, NIST CSF) through effective security operations controls and processes.
• Conduct security drills, tabletop exercises, and red/blue team assessments to test and improve operational readiness.
• Manage, in coordination with Security Architecture & Engineering, the security technology stack, including SIEM, SOAR, ASM tools, IDS/IPS, EDR, DLP, and vulnerability scanning platforms.
• Lead the SecOps team, including outsourced/contract support resources, fostering continuous growth, cross-training, and process optimization.
• Other duties as assigned.

Who You Are

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field is preferred.
• 8+ years of experience in Information Security, with at least 5 years focused on Security Operations and Vulnerability Management.
• 3+ years of leadership or management experience in Security Operations.
• Strong experience in healthcare or digital health is preferred.
• Experience working in a high growth company is required.
• Applicable certifications a plus (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH)).
• Deep expertise in security operations, cyber intelligence, threat detection, incident response, attack surface management, and vulnerability management.
• Strong understanding of cyber threat landscape, attack vectors, security technologies, and defensive tactics.
• Familiarity with regulatory frameworks (HIPAA, HITRUST, NIST CSF).
• Excellent leadership and communication skills with the ability to engage technical and non-technical stakeholders, including senior executives and the board.
• Excellent organizational and documentation skills.
• Ability to effectively collaborate and communicate with business partners, customers, third parties, and regulatory agencies.
• Analytical and problem-solving abilities with a proactive, risk-based approach.
• Strategic thinking and the ability to align security risks and initiatives with business objectives.
• Detail-oriented with a strong focus on operational excellence and regulatory compliance.
• Strong customer service orientation.
• Adaptability to handle dynamic and challenging environments.
• Energetic, resourceful, and appropriate work intensity to get the work done.
• Strong people acumen and relationship skills.