Vice President, Information Technology & Security

$225k-$285k

Job description

Virta Health is on a mission to transform type 2 diabetes and weight-loss care. Current treatment approaches aren’t working—over half of US adults have either type 2 diabetes or prediabetes, and obesity rates are at an all-time high. Virta is changing this by helping people reverse their metabolic condition through innovations in technology, personalized nutrition, and virtual care delivery reinvented from the ground up. We have raised over $350 million from top-tier investors, and partner with the largest health plans, employers, and government organizations to help their employees and members restore their health and take back their lives. Join us on our mission to reverse diabetes and obesity in one billion people.

As Vice President of Information Technology and Security, you will serve as a critical member of the leadership team, responsible for defining and executing the security and IT vision across the organization. You will lead efforts to architect and build secure, scalable systems that power our mission-critical applications, while ensuring that enterprise security and IT operations enable productivity and resilience at scale. This role combines deep technical acumen with strategic oversight and cross-functional leadership.

You’ll be instrumental in enabling our AI efforts to scale securely, allowing developers to focus on solving complex problems without being encumbered by infrastructure or operational and legal risks. Your influence will span from product design to employee experience, making you a key decision-maker in the company’s long-term strategy.

Key Responsibilities

Security Architecture & Product Security

  • Lead product and application security strategy, including secure design, development, deployment, and monitoring.

  • Oversee secure configuration and continuous assessment of cloud environments (GCP), containers, APIs, and developer workflows.

  • Partner with engineering and product teams to embed secure-by-design practices and eliminate security and privacy risks early in the SDLC.

  • Drive secure delivery of our AI platform in compliance with regulatory and industry frameworks.

Corporate Security & IT Leadership

  • Own the full lifecycle of corporate IT, from onboarding to offboarding, including identity management, endpoint protection, and employee enablement.

  • Build and manage IT policies, practices, and tooling to ensure minimal friction for staff while maintaining rigorous security standards.

  • Oversee SaaS tool governance, device fleet security, and MDM configuration to protect company assets.

  • Ensure corporate infrastructure supports remote-first, distributed teams efficiently and securely.

Governance, Risk & Compliance

  • Lead all aspects of security compliance programs and audits, including HIPAA, HITRUST, SOC 2, and ISO 27001.

  • Partner with legal, privacy, engineering, and operations to ensure risk assessments, policies, and controls meet evolving regulatory requirements.

  • Monitor controls for access, vulnerability management, incident response, and business continuity.

Team Building & Leadership

  • Hire, mentor, and manage high-performing teams across InfoSec, security engineering, and corporate IT.

  • Cultivate a culture of transparency, ownership, and continuous improvement.

  • Educate and empower employees on secure practices and foster cross-functional collaboration.

Qualifications

We’d love to hear from you if you have:

  • 15+ years of IT and cybersecurity experience, including 5+ years in senior leadership roles (VP, Senior Director).

  • Proven leadership experience in both information security and corporate IT domains.

  • Demonstrated success securing enterprise applications and platforms, particularly in AI/ML or cloud-native environments.

  • Hands-on experience with IT frameworks and cloud platforms such as Google Cloud Platform (GCP).

  • Strong knowledge of secure software development practices, CI/CD, and developer enablement.

  • A track record of successfully managing IT operations, SaaS administration, endpoint security, and helpdesk experience.

  • Experience leading third-party certifications and audits (e.g., HIPAA, HITRUST, SOC 2, ISO 27001).

  • Exceptional communication skills, with the ability to explain complex topics to technical and non-technical stakeholders, including Virta’s Executive leadership team and its Board of Directors.

  • A passion for enabling developers and employees by balancing security with usability.

Preferred Qualifications

  • Experience in a high-growth startup or remote-first company.

  • Familiarity with MDM tools, SSO/IDP platforms (e.g., Okta), and SIEM solutions.

90-Day Plan for VP of Information Technology and Security

Days 0–30: Listen & Learn (Foundational Immersion)

Objective: Build a strong understanding of current security posture, IT systems, team dynamics, and existing AI use cases or experimentation across departments.

Key Activities

  • Organizational Immersion

    • Meet with executive leadership to understand company strategy, growth goals, IT and InfoSec pain points and AI priorities.

    • Identify departments currently using or planning to use AI (e.g., support automation, clinical ops, engineering, legal).

    • Review internal AI usage guidelines, current OpenAI or third-party LLM contracts, and any prior security assessments.

  • Team & Systems Review

    • Conduct 1:1s with Security, IT, and cross-functional stakeholders (Product, Engineering, Data Science/AAa, Legal, Privacy, HR).

    • Audit enterprise tools, endpoints, cloud infrastructure, and integrations that interface with AI/ML workloads.

    • Inventory all known AI usage: internal tools, SaaS platforms with embedded AI, custom LLMs, and shadow AI adoption.

  • Security & Compliance Discovery

    • Review existing policies related to acceptable AI use, data classification, and PHI/PII handling in AI systems.

    • Identify risks around sensitive data exposure, model drift, and external AI API calls.

    • Assess current alignment with frameworks such as NIST AI RMF, HIPAA, and HITRUST for AI governance.

Deliverables

  • AI adoption baseline and department-level inventory

  • Internal stakeholder map for AI governance

  • Current-state security/IT summary

  • Initial risk areas for AI usage

  • Shortlist of AI cost-saving opportunities (e.g., license consolidation, helpdesk automation, AI-assisted triage)

Days 31–60: Evaluate & Strategize (Design & Prioritize)

Objective: Define a secure, scalable, and cost-efficient framework for AI usage while driving improvements across security and IT.

Key Activities

  • AI Governance Framework

    • Develop a lightweight, business-friendly AI governance model: acceptable use, human-in-the-loop requirements, data inputs/outputs, and usage approvals.

    • Work with Legal and Privacy to address data residency, PHI exposure, and contractual guardrails for AI vendors.

    • Define clear lines of ownership for AI tooling and model integration into internal workflows.

  • Cost-Saving AI Enablement

    • Identify specific operational areas for AI enablement (e.g., Zendesk ticket classification, onboarding FAQs, coding support, reporting automation).

    • Prioritize use cases that reduce SaaS sprawl or eliminate manual effort (e.g., documentation, internal training).

    • Evaluate internal AI solutions vs. vendor platforms for optimal cost control.

  • Security & IT Enhancements

    • Roll out quick-win security upgrades (SSO enforcement, device posture, GCP policy tightening).

    • Draft or revise security/IT policies (including AI usage, endpoint protection, access control).

    • Identify key automation opportunities in corporate IT (e.g., offboarding workflows, MDM enforcement, helpdesk triage with AI).

Deliverables

  • AI governance policy (draft)

  • 12-month Security, IT, and AI strategy roadmap

  • AI enablement scorecard (use case, business impact, cost delta)

  • Proposed AI pilot programs with success criteria

Days 61–90: Execute & Lead (Scale & Secure)

Objective: Begin executing foundational work across Security, IT, and AI enablement. Institutionalize governance and operationalize scalable, secure AI usage.

Key Activities

  • AI Enablement & Scaling

    • Launch initial AI pilots in prioritized departments (e.g., IT support automation, compliance reporting, auto-drafting engineering documentation).

    • Develop dashboards to track AI adoption, model usage, cost, and business impact.

    • Partner with Engineering/AAA to embed security into model pipelines (input validation, logging, hallucination handling).

  • Security & Compliance Operations

    • Finalize and publish core security and AI usage policies; begin annual review cadences.

    • Implement monitoring controls for AI API usage, cost alerts, and sensitive data access.

    • Launch internal training on secure and responsible AI use for employees.

  • Efficiency Gains in Corporate IT

    • Deploy tooling to support onboarding/offboarding automation with least-privilege principles.

    • Enable frictionless employee experience (self-service support, AI-first helpdesk, unified endpoint management).

    • Close key audit gaps; initiate pre-certification steps for SOC 2 or HITRUST if needed.

  • Culture & Communication

    • Publish monthly Security & IT newsletters with transparency on risks, initiatives, and metrics.

    • Host “AI Office Hours” to encourage responsible experimentation and collect feedback.

    • Establish a cross-functional “AI Task Force” to guide innovation and policy.

Deliverables

  • Implemented AI pilots with documented ROI or time savings

  • Live dashboards tracking AI usage and impact

  • Finalized and rolled out policies (security, IT, AI use)

  • Security training completion metrics

  • Executive briefing deck on 90-day outcomes and 12-month strategic plan

Values-driven culture

Virta’s company values drive our culture, so you’ll do well if:

  • You put people first and take care of yourself, your peers, and our patients equally

  • You have a strong sense of ownership and take initiative while empowering others to do the same

  • You prioritize positive impact over busy work

  • You have no ego and understand that everyone has something to bring to the table regardless of experience

  • You appreciate transparency and promote trust and empowerment through open access of information

  • You are evidence-based and prioritize data and science over seniority or dogma

  • You take risks and rapidly iterate

Is this role not quite what you’re looking for? Join our Talent Community and follow us on LinkedIn to stay connected!

Virta has a location based compensation structure. Starting pay will be based on a number of factors and commensurate with qualifications & experience. For this role, the compensation range is $225,000-$285,000 plus bonus and equity. Information about Virta’s benefits is on our Careers page at: https://www.virtahealth.com/careers.

As part of your duties at Virta, you may come in contact with sensitive patient information that is governed by HIPAA. Throughout your career at Virta, you will be expected to follow Virta’s security and privacy procedures to ensure our patients’ information remains strictly confidential. Security and privacy training will be provided.

As a remote-first company, our team is spread across various locations with office hubs in Denver and San Francisco.

Clinical roles: We currently do not hire in the following states: AK, HI, RI

Corporate roles: We currently do not hire in the following states: AK, AR, DE, HI, ME, MS, NM, OK, SD, VT, WI.
