About The Position

OpenLoop's mission is to bring care anywhere by powering telehealth solutions at scale. The Security Governance, Risk, and Compliance (GRC) team builds the guardrails that let OpenLoop move fast while managing risk — enterprise risk management, security compliance, third-party risk, business resilience, AI governance, and security program management. We are hiring a Sr. Director of Business Resilience & Third-Party Risk to serve as a senior leader within the GRC organization, reporting to the VP, Security Governance, Risk, and Compliance (GRC). This role owns two mission-critical programs — business resilience and third-party risk management — and carries broader leadership responsibility across the security GRC portfolio.

Requirements

  • 10+ years of experience building programs at scale within information security, risk management, or operational resilience.
  • Strong knowledge of vendor risk, including concentration risk, SaaS governance, security, and identity governance.
  • Ability to partner cross-functionally with senior technology leaders on uptime, resilience architecture, and RTO/RPO validation.
  • Working knowledge of broader security GRC domains, including enterprise risk, compliance, and data/AI governance.
  • Experience in regulated industries (e.g., healthcare, fintech) with frameworks such as SOC 2, HITRUST, and HIPAA.
  • Executive communication skills with experience presenting to boards, C-suite, regulators, and auditors.
  • Demonstrated success operating in fast-paced, high-autonomy environments and influencing cross-functional stakeholders without direct authority.

Nice To Haves

  • Former CISO, Deputy CISO, or VP-level security leadership experience.
  • CBCP, CBCI, CISSP, CRISC, or equivalent certifications.
  • Experience with IPO readiness
  • Familiarity with DORA, FFIEC, or other operational resilience
  • Experience with GRC and TPRM platforms (Vanta preferred)

Responsibilities

  • Build and own OLH’s resilience program from the ground up, including BIA, critical service mapping, crisis playbooks, tabletop exercises, recovery testing, and resilience metrics.
  • Build and own the third-party risk management program — designing the multi-domain tiering model and managing concentration and fourth-party risk.
  • Work cross-functionally with the CTO, EVP of Engineering, and senior technology leadership to ensure uptime commitments are met.
  • Partner with IT and Engineering to evaluate, implement, and validate resilience and backup technologies — ensuring recovery capabilities are engineered into the platform, not bolted on.
  • Lead SaaS governance in partnership with IT, Security, and Engineering — establishing intake controls, usage visibility, and lifecycle management for SaaS applications across the enterprise.
  • Partner with IAM on vendor identity governance — ensuring vendor identities, privileged access, and identity lifecycles are managed, reviewed, and terminated appropriately.
  • Manage data security and data lifecycle requirements with third parties, ensuring vendors handling OpenLoop data meet access control standards.
  • Negotiate and advise on contract security, privacy, and continuity requirements in partnership with Legal and Procurement.
  • Serve as a strategic leader beyond your direct programs — contributing working knowledge and executive judgment across Data & AI Governance, Enterprise Risk, Security GRC, and Identity Governance initiatives.
  • Present regularly to executive leadership and support board-level reporting on resilience readiness, third-party risk posture, and broader GRC health.
  • Plan, facilitate, and run executive-level tabletop exercises and crisis simulations that test organizational readiness and lead to strong improvements.
  • Contribute to GRC strategic planning, OKR development, cross-program integration, and organizational design as a senior member of the GRC leadership team.
  • Other duties as assigned.

Benefits

  • Medical, Dental, and Vision plans
  • Flexible Spending/Health Savings Accounts
  • Flexible PTO
  • 401(k) + Company Match
  • Life Insurance, Pet insurance, and more

What This Job Offers

  • Job Type: Full-time
  • Career Level: Executive
  • Education Level: No Education Listed
  • Number of Employees: 101-250 employees

© 2024 Teal Labs, Inc