- Upgrade OpenSSL on all of your existing software
- Propose projects to remove infrastructure that can’t be upgraded (if your vendors haven’t shipped a patch, get new gear)
- Force users to update credentials (YMMV depending on what you do, either force a re-auth, or password resets)
- Apologize to your users for not dealing with this weeks ago.
If your employer won’t let you do these four things, the next thing to do is find a new job.
Anything less would be unprofessional.