Vice President, Information Technology & Security
Offer summary
Qualifications:
15+ years of IT and cybersecurity experience, including 5+ years in senior leadership roles., Proven success in securing enterprise applications and platforms, especially in AI/ML or cloud-native environments., Hands-on experience with Google Cloud Platform (GCP) and secure software development practices., Strong communication skills to explain complex topics to both technical and non-technical stakeholders..Key responsibilities:
- Lead product and application security strategy, including secure design and deployment.
- Oversee corporate IT operations, policies, and tooling to ensure security and efficiency.
- Manage security compliance programs and audits such as HIPAA, HITRUST, SOC 2, and ISO 27001.
- Hire, mentor, and lead high-performing teams across InfoSec, security engineering, and corporate IT.
Job description
Virta Health is on a mission to transform type 2 diabetes and weightloss care. Current treatment approaches aren’t working—over half of US adults have either type 2 diabetes or prediabetes, and obesity rates are at an alltime high. Virta is changing this by helping people reverse their metabolic condition through innovations in technology, personalized nutrition, and virtual care delivery reinvented from the ground up. We have raised over $350 million from toptier investors, and partner with the largest health plans, employers, and government organizations to help their employees and members restore their health and take back their lives. Join us on our mission to reverse diabetes and obesity in one billion people.
As Vice President of Information Technology and Security, you will serve as a critical member of the leadership team, responsible for defining and executing the security and IT vision across the organization. You will lead efforts to architect and build secure, scalable systems that power our missioncritical applications, while ensuring that enterprise security and IT operations enable productivity and resilience at scale. This role combines deep technical acumen with strategic oversight and crossfunctional leadership.
You’ll be instrumental in enabling our AI efforts to scale securely, allowing developers to focus on solving complex problems without being encumbered by infrastructure or operational and legal risks. Your influence will span from product design to employee experience, making you a key decisionmaker in the company’s longterm strategy.
Key ResponsibilitiesSecurity Architecture & Product Security
Lead product and application security strategy, including secure design, development, deployment, and monitoring.
Oversee secure configuration and continuous assessment of cloud environments (GCP), containers, APIs, and developer workflows.
Partner with engineering and product teams to embed securebydesign practices and eliminate security and privacy risks early in the SDLC.
Drive secure delivery of our AI platform in compliance with regulatory and industry frameworks.
Corporate Security & IT Leadership
Own the full lifecycle of corporate IT, from onboarding to offboarding, including identity management, endpoint protection, and employee enablement.
Build and manage IT policies, practices, and tooling to ensure minimal friction for staff while maintaining rigorous security standards.
Oversee SaaS tool governance, device fleet security, and MDM configuration to protect company assets.
Ensure corporate infrastructure supports remotefirst, distributed teams efficiently and securely.
Governance, Risk & Compliance
Lead all aspects of security compliance programs and audits, including HIPAA, HITRUST, SOC 2, and ISO 27001.
Partner with legal, privacy, engineering, and operations to ensure risk assessments, policies, and controls meet evolving regulatory requirements.
Monitor controls for access, vulnerability management, incident response, and business continuity.
Team Building & Leadership
Hire, mentor, and manage highperforming teams across InfoSec, security engineering, and corporate IT.
Cultivate a culture of transparency, ownership, and continuous improvement.
Educate and empower employees on secure practices and foster crossfunctional collaboration.
QualificationsWe’d love to hear from you if you have:
15+ years of IT and cybersecurity experience, including 5+ years in senior leadership roles (VP, Senior Director).
Proven leadership experience in both information security and corporate IT domains.
Demonstrated success securing enterprise applications and platforms, particularly in AIML or cloudnative environments.
Handson experience with IT framework, and cloud platforms such as Google Cloud Platform (GCP).
Strong knowledge of secure software development practices, CICD, and developer enablement.
A track record of successfully managing IT operations, SaaS administration, endpoint security, and helpdesk experience.
Experience leading thirdparty certifications and audits (e.g., HIPAA, HITRUST, SOC 2, ISO 27001).
Exceptional communication skills, with the ability to explain complex topics to technical and nontechnical stakeholders, including Virta’s Executive leadership team and its Board of Directors.
A passion for enabling developers and employees by balancing security with usability.
Preferred QualificationsExperience in a highgrowth startup or remotefirst company.
Familiarity with MDM tools, SSOIDP platforms (e.g., Okta), and SIEM solutions.
90Day Plan for VP of Information Technology and Security
Days 0–30: Listen & Learn (Foundational Immersion)Objective: Build a strong understanding of current security posture, IT systems, team dynamics, and existing AI use cases or experimentation across departments.
Key Activities
Organizational Immersion
Meet with executive leadership to understand company strategy, growth goals, IT and InfoSec pain points and AI priorities.
Identify departments currently using or planning to use AI (e.g., support automation, clinical ops, engineering, legal).
Review internal AI usage guidelines, current OpenAI or thirdparty LLM contracts, and any prior security assessments.
Team & Systems Review
Conduct 1:1s with Security, IT, and crossfunctional stakeholders (Product, Engineering, Data ScienceAAa, Legal, Privacy, HR).
Audit enterprise tools, endpoints, cloud infrastructure, and integrations that interface with AIML workloads.
Inventory all known AI usage: internal tools, SaaS platforms with embedded AI, custom LLMs, and shadow AI adoption.
Security & Compliance Discovery
Review existing policies related to acceptable AI use, data classification, and PHIPII handling in AI systems.
Identify risks around sensitive data exposure, model drift, and external AI API calls.
Assess current alignment with frameworks such as NIST AI RMF, HIPAA, and HITRUST for AI governance.
Deliverables
AI adoption baseline and departmentlevel inventory
Internal stakeholder map for AI governance
Currentstate securityIT summary
Initial risk areas for AI usage
Shortlist of AI costsaving opportunities (e.g., license consolidation, helpdesk automation, AIassisted triage)
Days 31–60: Evaluate & Strategize (Design & Prioritize)Objective: Define a secure, scalable, and costefficient framework for AI usage while driving improvements across security and IT.
Key Activities
AI Governance Framework
Develop a lightweight, businessfriendly AI governance model: acceptable use, humanintheloop requirements, data inputsoutputs, and usage approvals.
Work with Legal and Privacy to address data residency, PHI exposure, and contractual guardrails for AI vendors.
Define clear lines of ownership for AI tooling and model integration into internal workflows.
CostSaving AI Enablement
Identify specific operational areas for AI enablement (e.g., Zendesk ticket classification, onboarding FAQs, coding support, reporting automation).
Prioritize use cases that reduce SaaS sprawl or eliminate manual effort (e.g., documentation, internal training).
Evaluate internal AI solutions vs. vendor platforms for optimal cost control.
Security & IT Enhancements
Roll out quickwin security upgrades (SSO enforcement, device posture, GCP policy tightening).
Draft or revise securityIT policies (including AI usage, endpoint protection, access control).
Identify key automation opportunities in corporate IT (e.g., offboarding workflows, MDM enforcement, helpdesk triage with AI).
Deliverables
AI governance policy (draft)
12month Security, IT, and AI strategy roadmap
AI enablement scorecard (use case, business impact, cost delta)
Proposed AI pilot programs with success criteria
Days 61–90: Execute & Lead (Scale & Secure)Objective: Begin executing foundational work across Security, IT, and AI enablement. Institutionalize governance and operationalize scalable, secure AI usage.
Key Activities
AI Enablement & Scaling
Launch initial AI pilots in prioritized departments (e.g., IT support automation, compliance reporting, autodrafting engineering documentation).
Develop dashboards to track AI adoption, model usage, cost, and business impact.
Partner with EngineeringAAA to embed security into model pipelines (input validation, logging, hallucination handling).
Security & Compliance Operations
Finalize and publish core security and AI usage policies; begin annual review cadences.
Implement monitoring controls for AI API usage, cost alerts, and sensitive data access.
Launch internal training on secure and responsible AI use for employees.
Efficiency Gains in Corporate IT
Deploy tooling to support onboardingoffboarding automation with leastprivilege principles.
Enable frictionless employee experience (selfservice support, AIfirst helpdesk, unified endpoint management).
Close key audit gaps; initiate precertification steps for SOC 2 or HITRUST if needed.
Culture & Communication
Publish monthly Security & IT newsletters with transparency on risks, initiatives, and metrics.
Host “AI Office Hours” to encourage responsible experimentation and collect feedback.
Establish a crossfunctional “AI Task Force” to guide innovation and policy.
Deliverables
Implemented AI pilots with documented ROI or time savings
Live dashboards tracking AI usage and impact
Finalized and rolled out policies (security, IT, AI use)
Security training completion metrics
Executive briefing deck on 90day outcomes and 12month strategic plan
Valuesdriven cultureVirta’s company values drive our culture, so you’ll do well if:
You put people first and take care of yourself, your peers, and our patients equally
You have a strong sense of ownership and take initiative while empowering others to do the same
You prioritize positive impact over busy work
You have no ego and understand that everyone has something to bring to the table regardless of experience
You appreciate transparency and promote trust and empowerment through open access of information
You are evidencebased and prioritize data and science over seniority or dogma
You take risks and rapidly iterate
Is this role not quite what youre looking for? Join our Talent Community and follow us on Linkedin to stay connected!
Virta has a location based compensation structure. Starting pay will be based on a
number of factors and commensurate with qualifications & experience. For
this role, the compensation range is $225,000$285,000 plus bonus and equity. Information about Virta’s benefits is on our Careers page at: https:www.virtahealth.comcareers.
Lead product and application security strategy, including secure design, development, deployment, and monitoring.
Oversee secure configuration and continuous assessment of cloud environments (GCP), containers, APIs, and developer workflows.
Partner with engineering and product teams to embed securebydesign practices and eliminate security and privacy risks early in the SDLC.
Drive secure delivery of our AI platform in compliance with regulatory and industry frameworks.
Own the full lifecycle of corporate IT, from onboarding to offboarding, including identity management, endpoint protection, and employee enablement.
Build and manage IT policies, practices, and tooling to ensure minimal friction for staff while maintaining rigorous security standards.
Oversee SaaS tool governance, device fleet security, and MDM configuration to protect company assets.
Ensure corporate infrastructure supports remotefirst, distributed teams efficiently and securely.
Lead all aspects of security compliance programs and audits, including HIPAA, HITRUST, SOC 2, and ISO 27001.
Partner with legal, privacy, engineering, and operations to ensure risk assessments, policies, and controls meet evolving regulatory requirements.
Monitor controls for access, vulnerability management, incident response, and business continuity.
Hire, mentor, and manage highperforming teams across InfoSec, security engineering, and corporate IT.
Cultivate a culture of transparency, ownership, and continuous improvement.
Educate and empower employees on secure practices and foster crossfunctional collaboration.
15+ years of IT and cybersecurity experience, including 5+ years in senior leadership roles (VP, Senior Director).
Proven leadership experience in both information security and corporate IT domains.
Demonstrated success securing enterprise applications and platforms, particularly in AIML or cloudnative environments.
Handson experience with IT framework, and cloud platforms such as Google Cloud Platform (GCP).
Strong knowledge of secure software development practices, CICD, and developer enablement.
A track record of successfully managing IT operations, SaaS administration, endpoint security, and helpdesk experience.
Experience leading thirdparty certifications and audits (e.g., HIPAA, HITRUST, SOC 2, ISO 27001).
Exceptional communication skills, with the ability to explain complex topics to technical and nontechnical stakeholders, including Virta’s Executive leadership team and its Board of Directors.
A passion for enabling developers and employees by balancing security with usability.
Experience in a highgrowth startup or remotefirst company.
Familiarity with MDM tools, SSOIDP platforms (e.g., Okta), and SIEM solutions.
Organizational Immersion
Meet with executive leadership to understand company strategy, growth goals, IT and InfoSec pain points and AI priorities.
Identify departments currently using or planning to use AI (e.g., support automation, clinical ops, engineering, legal).
Review internal AI usage guidelines, current OpenAI or thirdparty LLM contracts, and any prior security assessments.
Team & Systems Review
Conduct 1:1s with Security, IT, and crossfunctional stakeholders (Product, Engineering, Data ScienceAAa, Legal, Privacy, HR).
Audit enterprise tools, endpoints, cloud infrastructure, and integrations that interface with AIML workloads.
Inventory all known AI usage: internal tools, SaaS platforms with embedded AI, custom LLMs, and shadow AI adoption.
Security & Compliance Discovery
Review existing policies related to acceptable AI use, data classification, and PHIPII handling in AI systems.
Identify risks around sensitive data exposure, model drift, and external AI API calls.
Assess current alignment with frameworks such as NIST AI RMF, HIPAA, and HITRUST for AI governance.
AI adoption baseline and departmentlevel inventory
Internal stakeholder map for AI governance
Currentstate securityIT summary
Initial risk areas for AI usage
Shortlist of AI costsaving opportunities (e.g., license consolidation, helpdesk automation, AIassisted triage)
AI Governance Framework
Develop a lightweight, businessfriendly AI governance model: acceptable use, humanintheloop requirements, data inputsoutputs, and usage approvals.
Work with Legal and Privacy to address data residency, PHI exposure, and contractual guardrails for AI vendors.
Define clear lines of ownership for AI tooling and model integration into internal workflows.
CostSaving AI Enablement
Identify specific operational areas for AI enablement (e.g., Zendesk ticket classification, onboarding FAQs, coding support, reporting automation).
Prioritize use cases that reduce SaaS sprawl or eliminate manual effort (e.g., documentation, internal training).
Evaluate internal AI solutions vs. vendor platforms for optimal cost control.
Security & IT Enhancements
Roll out quickwin security upgrades (SSO enforcement, device posture, GCP policy tightening).
Draft or revise securityIT policies (including AI usage, endpoint protection, access control).
Identify key automation opportunities in corporate IT (e.g., offboarding workflows, MDM enforcement, helpdesk triage with AI).
AI governance policy (draft)
12month Security, IT, and AI strategy roadmap
AI enablement scorecard (use case, business impact, cost delta)
Proposed AI pilot programs with success criteria
AI Enablement & Scaling
Launch initial AI pilots in prioritized departments (e.g., IT support automation, compliance reporting, autodrafting engineering documentation).
Develop dashboards to track AI adoption, model usage, cost, and business impact.
Partner with EngineeringAAA to embed security into model pipelines (input validation, logging, hallucination handling).
Security & Compliance Operations
Finalize and publish core security and AI usage policies; begin annual review cadences.
Implement monitoring controls for AI API usage, cost alerts, and sensitive data access.
Launch internal training on secure and responsible AI use for employees.
Efficiency Gains in Corporate IT
Deploy tooling to support onboardingoffboarding automation with leastprivilege principles.
Enable frictionless employee experience (selfservice support, AIfirst helpdesk, unified endpoint management).
Close key audit gaps; initiate precertification steps for SOC 2 or HITRUST if needed.
Culture & Communication
Publish monthly Security & IT newsletters with transparency on risks, initiatives, and metrics.
Host “AI Office Hours” to encourage responsible experimentation and collect feedback.
Establish a crossfunctional “AI Task Force” to guide innovation and policy.
Implemented AI pilots with documented ROI or time savings
Live dashboards tracking AI usage and impact
Finalized and rolled out policies (security, IT, AI use)
Security training completion metrics
Executive briefing deck on 90day outcomes and 12month strategic plan
You put people first and take care of yourself, your peers, and our patients equally
You have a strong sense of ownership and take initiative while empowering others to do the same
You prioritize positive impact over busy work
You have no ego and understand that everyone has something to bring to the table regardless of experience
You appreciate transparency and promote trust and empowerment through open access of information
You are evidencebased and prioritize data and science over seniority or dogma
You take risks and rapidly iterate
Is this role not quite what youre looking for? Join our Talent Community and follow us on Linkedin to stay connected!
Virta has a location based compensation structure. Starting pay will be based on a
number of factors and commensurate with qualifications & experience. For
this role, the compensation range is $225,000$285,000 plus bonus and equity. Information about Virta’s benefits is on our Careers page at: https:www.virtahealth.comcareers.
Valuesdriven culture
Virta’s company values drive our culture, so you’ll do well if:
Deliverables
Days 61–90: Execute & Lead (Scale & Secure)
Objective: Begin executing foundational work across Security, IT, and AI enablement. Institutionalize governance and operationalize scalable, secure AI usage.
Key Activities
Deliverables
Days 31–60: Evaluate & Strategize (Design & Prioritize)
Objective: Define a secure, scalable, and costefficient framework for AI usage while driving improvements across security and IT.
Key Activities
Deliverables
90Day Plan for VP of Information Technology and Security
Days 0–30: Listen & Learn (Foundational Immersion)
Objective: Build a strong understanding of current security posture, IT systems, team dynamics, and existing AI use cases or experimentation across departments.
Key Activities
Preferred Qualifications
Qualifications
We’d love to hear from you if you have:
Team Building & Leadership
Governance, Risk & Compliance
Corporate Security & IT Leadership
Required profile
Experience
Hard Skills
Other Skills
- Collaboration
- Communication
- Leadership
- Team Building
- Problem Solving
Technology Director Related jobs
Wrapbook
- From: Canada (Full Remote)
- Full time
Intradiem
- From: United States (Full Remote)
- Full time
PURE Insurance
- From: United States (Full Remote)
- Full time
Experian
- From: United Kingdom (Full Remote)
- Full time
VOID Interactive
- From: Ireland (Full Remote)
- Full time