The Role Akoya is seeking a seasoned, hands-on Head of Risk & Security to lead and mature our cybersecurity, risk management, and IT governance functions as we scale our secure, API-driven open finance network. This leader will serve as the operational backbone of Akoya’s security and risk programs — translating strategy into execution. You will lead and develop a team across security engineering, cyber operations, risk, compliance, and IT, while partnering closely with Engineering, Product, Legal, Customer Success, and Business Development. This role is ideal for a builder — someone who has scaled capabilities in security and risk functions in startup or fintech environments and understands the unique demands of serving both: - Financial Institutions (Data Providers) with rigorous regulatory and third-party risk requirements - Fintechs and Data Recipients operating in agile, API-first ecosystems You will play a critical role in protecting Akoya’s Data Access Network and Open Finance Solution while strengthening trust across our ecosystem of financial institutions and fintech partners. Key Responsibilities Risk Management - Mature and execute Akoya’s enterprise risk management (ERM) framework. - Develop and track key risk indicators (KRIs) aligned with business OKRs. - Lead third-party risk management across fintech partners, vendors, and service providers. - Conduct product risk assessments across new open finance capabilities. - Support regulatory readiness related to CFPB Section 1033 and evolving open banking requirements. Security & Cyber Operations Leadership - Lead day-to-day execution of Akoya’s cybersecurity program across product, infrastructure, and corporate environments. - Operationalize secure-by-design principles across SDLC in partnership with Engineering. - Oversee vulnerability management, penetration testing, red teaming, and incident response. - Drive continuous improvement of zero-trust cloud architectures (AWS-centric). - Enhance monitoring, automation, and threat intelligence capabilities. Compliance & Regulatory Alignment - Own operational execution of SOC 2 Type II and other certifications. - Ensure alignment with NIST, ISO 27001/27002, GLBA, SOX, PCI (as applicable). - Partner closely with Legal and Product on regulatory interpretation and implementation. - Respond to due diligence inquiries from financial institutions, fintechs, investors, and regulators. IT Governance & Internal Controls - Oversee corporate IT governance in partnership with the IT Systems Administrator (end-user security, device management, identity, remote access). - Ensure strong IAM, endpoint protection, DLP, encryption, and secure collaboration tooling. - Align IT and Security controls with remote-first operating model. Team Leadership & Organizational Development - Lead and mentor security engineers, risk analysts, and IT personnel. - Build scalable team structure aligned with growth in API volume and institutional adoption. - Foster a strong security culture where accountability and transparency are embedded across functions. - Act as a senior advisor to ELT. Ecosystem Trust & External Engagement - Interface directly with security and risk leaders at major financial institutions and fintech clients. - Support sales and customer conversations requiring deep technical credibility. - Represent Akoya in industry forums and working groups (e.g., FDX-aligned initiatives). Qualifications Not all applicants will have skills that match a job description exactly. Akoya values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or has not followed a traditional path, do not let that stop you from considering Akoya. We are always looking for people who will bring something new to the table! Required Experience/skills - 12+ years in enterprise risk, cybersecurity, or information security. - 5+ years leading risk/security teams in fintech, SaaS, or regulated environments. - Experience building or scaling security programs in startup or high-growth organizations. - Deep cloud security expertise (AWS required; multi-cloud a plus). - Strong hands-on knowledge of: - Zero-trust architecture - Secure SDLC - Threat modeling - Vulnerability management - Incident response - Demonstrated ownership of SOC 2 and regulatory audits. - Experience working with both: - Regulated financial institutions (bank-side risk expectations) - Fintechs or API-based SaaS platforms (data recipient expectations) Preferred Experience/skills - Experience in open banking / open finance ecosystems. - Familiarity with FDX standards and OAuth/OIDC-based authentication models. - Certifications such as CISSP, CISM, CRISC, or equivalent. - Experience briefing executives or board-level stakeholders. Akoya is an equal-opportunity employer. This remote position is only available to individuals living in the greater Boston, MA, New York City, NY and Raleigh, NC areas. Candidates who do not live within these areas will not be considered for this role. The actual base pay offered may take into account the candidate's work location, relevant education, job-related knowledge, skills, and experience, among other factors. Hiring Range: $170,000—$210,000 USD

• Garantir a estabilidade da infraestrutura por meio de uma governança ágil e do controle rigoroso de incidentes via Incident.IO. • Monitorar o ciclo de vida dos incidentes no Incident.IO, garantindo que nenhum alerta seja negligenciado e que os SLAs sejam cumpridos; • Operar ferramentas de gestão de projetos para manter o cronograma de infraestrutura atualizado e transparente para os stakeholders; • Documentar post-mortems e lições aprendidas após incidentes críticos, construindo uma base de conhecimento resiliente; • Analisar dados operacionais e métricas de suporte para identificar padrões de falhas e propor melhorias preventivas; • Auditar o cumprimento dos processos de governança técnica, assegurando o rigoroso seguimento das normas e padrões da empresa.

• Establish, implement, and enforce technical governance frameworks, policies, and standards across IT systems, software delivery, and engineering processes. • Lead governance oversight for software development, testing, automation, DevSecOps, and security to ensure alignment with organizational and regulatory requirements. • Drive adoption of Team Managed Deployment (TMD) practices to enable efficient, secure, and high-quality software delivery across the enterprise. • Oversee automated policy enforcement and prescriptive remediation strategies to reduce maturity gaps and eliminate manual compliance bottlenecks. • Ensure consistent application of quality, security, and compliance controls across all systems and programs without reliance on manual intervention. • Partner with cross-functional teams to enable horizontal delivery, improve collaboration, and standardize engineering practices across multiple programs. • Define and monitor governance KPIs, ensuring continuous improvement in deployment speed, release quality, and compliance adherence. • Lead the design and implementation of automated performance metrics and reporting frameworks to support data-driven decision making. • Increase visibility and transparency across products, portfolios, and delivery pipelines in alignment with agency policies. • Establish feedback loops and governance mechanisms that continuously improve delivery, testing, and operational performance. • Provide leadership and direction to technical teams, ensuring accountability, consistency, and adherence to governance standards.

For more than 170 years, The Hanover has been committed to delivering on our promises and being there when it matters the most. We live our values every day, demonstrating we CARE through our values, Sustainability initiatives and inclusive corporate culture. Our Risk Solutions team is currently seeking a Senior Risk Solutions/Loss Control Consultant, preferably in the Southern Wisconsin region. This is a full-time, exempt role. Position is eligible for a fully remote arrangement. POSITION OVERVIEW: Conducts high level technical evaluations and loss analysis of more complex prospective or existing policyholders in a consultative manner. Identifies and analyzes exposures and controls. Delivers consultative and technical services to policyholders. Develops and delivers service strategies in collaboration with underwriting and agency partners to insureds. IN THIS ROLE, YOU WILL: - Conduct field surveys on prospect and existing policyholders and writes reports for underwriting. - Creates and delivers loss analysis. - Develop and deliver meaningful service solutions. - Create and follow up on essential recommendations. - Develop effective relationships with underwriting and agency partners that drives continual collaboration. - Participate in underwriting pipeline, new business, and renewal meetings to provide RS perspective regarding exposure and controls. - Takes initiative to enhance risk solutions / industry knowledge through participation in educational programs and training sessions. - Communicates ideas or positions in a persuasive manner that build support, agreement, and commitment. - Coach / mentor newer in career staff as appropriate. Key Measures of Success: - Quality of work product – both survey and service - Productivity - Timeliness - Partnership with underwriting and agency partners - Innovative ideas and implementation for quality and efficiency gains - Ability to demonstrate improvements in loss ratio, loss frequency, and loss severity, on assigned service accounts WHAT YOU NEED TO APPLY: - At least 5 years Risk Solutions/Loss Control field experience with a commercial lines national/regional insurance carrier. - B.S. degree preferred in a related field to include health and safety, science, engineering or equivalent. - Motivated self-starter with demonstrated initiative; ability to work independently with minimal direction. - Strong to exceptional communication skills, both verbal & written - Professional loss control certification preferred to include CSP, CFPS, CIH, PE, CPCU, ARM. - Strong to exceptional analytical & problem-solving skills. - Demonstrated project management skills. - Ability to work in a dynamic environment on multiple projects, tasks or assignments. - Results focused. Physical Demands and Work Environment: - Ability to use a personal computer and other standard office equipment. - Ability to work in a fast-paced environment. - Ability to travel as necessary. - Ability to sit and/or stand for extended periods. - Ability to walk through customer buildings and facilities. - Ability to climb a ladder to various heights and maintain balance while performing work tasks. This job posting provides cursory examples of some of the job duties associated with this position. The examples provided are not complete, and the position may entail other essential and job-related functions and responsibilities that employees will be required to perform. CAREER DEVELOPMENT: It’s not just a job, it’s a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you – at every level – to grow and develop. BENEFITS: We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you’ll enjoy what you do and have the support you need to succeed. Benefits include: - Medical, dental, vision, life, and disability insurance - 401K with a company match - Tuition reimbursement - PTO - Company paid holidays - Flexible work arrangements - Cultural Awareness Day in support of IDE - On-site medical/wellness center (Worcester only) - Click here for the full list of Benefits EEO statement: The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law. Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.” As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. Individuals with disabilities who wish to request a reasonable accommodation to participate in the job application or interview process, or to perform essential job functions, should contact us at:HRServices@hanover.com and include the link of the job posting in which you are interested. Privacy Policy: To view our privacy policy and online privacy statement, click here. Applicants who are California residents: To see the types of information we may collect from applicants and employees and how we use it, please click here. Compensation: The target hiring range for this role may vary based on geographic location and other factors, including merit or performance, demonstrated proficiency, skills for the role, education, travel requirements, and experience. Additional compensation may include an annual bonus (which could take the form of a general bonus, sales incentive, or short-term incentive), long-term incentive or spot recognition awards. The posted range reflects our ability to hire at different position titles and levels depending on background and experience.