OpenLoop

Senior Staff, Incident Response Manager

Posted Yesterday
Remote
Hiring Remotely in United States
Expert/Leader
Lead the cybersecurity incident response strategy, managing incidents, guiding teams, overseeing communications, and improving response processes in a regulated environment.
The summary above was generated by AI

About the Role

OpenLoop is looking for a Senior Staff Incident Response Manager to join our team remotely or at its HQ in Des Moines, IA. In this role, you will be dedicated to leading our organization's Security Incident Response strategy, working to respond, recover, and implement all procedures, in addition to guiding teams through any incident. This role will act as the central, leading authority during an incident, managing efforts across IT, security, legal, engineering, and compliance teams. The ideal team player will succeed in this role by demonstrating their ability to manage this critical responsibility and guide others: owning steps from end to end, setting technical direction, diving deep into investigations, and executing response actions hands-on across teams and stakeholders.

What You'll Do

  • Provide leadership and strategy over OpenLoop’s incident response program, including but not limited to overseeing detection, containment, eradication, and recovery from breaches.
  • Serve as the central authority and decision-maker during active security incidents, communicating and directing across all teams / stakeholders, such as IT, security operations, engineering, legal, compliance, etc.
  • Act as the primary liaison with executive stakeholders during major incidents and engage external partners as needed (e.g., forensic firms, cyber insurance, law enforcement).
  • Create correlation strategies to detect and alert on security events and incidents.
  • Oversee monitoring, triage, and analysis of security alerts to identify potential incidents.
  • Direct threat analysis to determine scope, severity, root cause, and business impact, ensuring accurate classifications and prioritization of incidents based on risk and regulatory impact.
  • Coordinate and direct rapid containment actions to minimize damage and data loss, including leading all recovery efforts to restore systems, validate security controls, and return to normal operations.
  • Oversee eradication of threats, vulnerabilities, and attacker persistence mechanisms.
  • Manage all communication, internal and external, including executive briefings.
  • Define, maintain, and continuously improve incident response policies, playbooks, and procedures, ensuring timely and accurate documentation of incident timelines, actions, and outcomes.
  • Support regulatory notifications and customer communications when required.
  • Lead post-incident reviews, root cause analyses, and lessons-learned sessions.
  • Drive remediation plans and long-term security improvements, supporting the growth of the organization, and evolving policies and procedures as the organization and its teams mature.
  • Track trends, metrics, and key performance indicators to improve incident response maturity.
  • Support hiring, development, and readiness of incident response teams as the function scales.
  • Conduct tabletop exercises, simulations, and readiness testing.
  • Ensure on-call coverage, escalation paths, and incident response readiness.
  • Partner with Information Security Executive Leadership to prepare and deliver executive-level and Board-level incident reports, translating technical findings into business, legal, and reputational risk terms.
  • Ensure incident response processes meet regulatory, contractual, and audit requirements.
  • Maintain evidence handling, chain of custody, and forensic integrity standards.
  • Contribute to enterprise risk management and security governance initiatives.
  • Other duties as assigned.

Who You Are:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or Information Technology, or a related field.
  • 10+ years (no more than 15 years) of extensive hands-on experience leading end-to-end cybersecurity incident response, including investigation, containment, eradication, and recovery in regulated environments.
  • Strong understanding of healthcare security and privacy requirements (e.g., HIPAA, HITECH), with experience assessing and responding to incidents involving sensitive health data.
  • Understanding of security frameworks and accreditation requirements such as NIST CSF, SOC2, FedRAMP, etc.
  • Extensive working experience using frameworks such as NIST 800-61, SANS 504-B, or ISO/IEC 27035 to guide the response lifecycle.
  • Demonstrated leadership experience operating autonomously as the sole or primary incident responder, making sound technical and risk-based decisions with minimal oversight.
  • Proven ability to apply lean methodologies in alignment with IS best practices within a fast-moving / startup organization.
  • Hands-on technical proficiency with cloud platforms, SaaS environments, SIEM, EDR, and log analysis tools commonly used in modern healthcare tech stacks.
  • Proven experience communicating incident status, business impact, and regulatory considerations clearly to executive leadership and Board-level stakeholders.
  • Strong documentation, evidence handling, and post-incident review skills, with a focus on compliance, audit readiness, and continuous improvement.
  • Lead and be responsible for the creation and evolution of OLH incident response processes, playbooks, and tooling, at times in environments with limited resources and developing security functions.

Our Benefits

In addition, for salaried positions you would also be eligible for:

  • Medical, Dental, and Vision plans
  • Flexible Spending/Health Savings Accounts
  • Flexible PTO
  • 401(k) + Company Match
  • Life Insurance, Pet insurance, and more

About OpenLoop

OpenLoop was co-founded by CEO, Dr. Jon Lensing, and COO, Christian Williams, with the vision to bring healing anywhere. Our tele-health support solutions are thoughtfully designed to streamline and simplify go-to-market care delivery for companies offering meaningful virtual support to patients across an expansive array of specialties, in all 50 states.

 

Our Company Culture

We have a relatively flat organizational structure here at OpenLoop. Everyone is encouraged to bring ideas to the table and make things happen. This fits in well with our core values of Autonomy, Competence and Belonging, as we want everyone to feel empowered and supported to do their best work.

Sound like a good fit? We’d love to meet you.

 

 

Top Skills

Cloud Platforms
Cybersecurity
EDR
Incident Response
ISO/IEC 27035
Log Analysis Tools
NIST 800-61
SaaS Environments
SANS 504-B
SIEM
