Virta Health is on a mission to transform type 2 diabetes and weight-loss care. Current treatment approaches aren’t working—over half of US adults have either type 2 diabetes or prediabetes, and obesity rates are at an all-time high. Virta is changing this by helping people reverse their metabolic condition through innovations in technology, personalized nutrition, and virtual care delivery reinvented from the ground up. We have raised over $350 million from top-tier investors, and partner with the largest health plans, employers, and government organizations to help their employees and members restore their health and take back their lives. Join us on our mission to reverse diabetes and obesity in one billion people.

As Vice President of Information Technology and Security, you will serve as a critical member of the leadership team, responsible for defining and executing the security and IT vision across the organization. You will lead efforts to architect and build secure, scalable systems that power our mission-critical applications, while ensuring that enterprise security and IT operations enable productivity and resilience at scale. This role combines deep technical acumen with strategic oversight and cross-functional leadership.

You’ll be instrumental in enabling our AI efforts to scale securely, allowing developers to focus on solving complex problems without being encumbered by infrastructure or operational and legal risks. Your influence will span from product design to employee experience, making you a key decision-maker in the company’s long-term strategy.

Key Responsibilities

Security Architecture & Product Security

• Lead product and application security strategy, including secure design, development, deployment, and monitoring.
  

• Oversee secure configuration and continuous assessment of cloud environments (GCP), containers, APIs, and developer workflows.
  

• Partner with engineering and product teams to embed secure-by-design practices and eliminate security and privacy risks early in the SDLC.
  

• Drive secure delivery of our AI platform in compliance with regulatory and industry frameworks.
  

Corporate Security & IT Leadership

• Own the full lifecycle of corporate IT, from onboarding to offboarding, including identity management, endpoint protection, and employee enablement.
  

• Build and manage IT policies, practices, and tooling to ensure minimal friction for staff while maintaining rigorous security standards.
  

• Oversee SaaS tool governance, device fleet security, and MDM configuration to protect company assets.
  

• Ensure corporate infrastructure supports remote-first, distributed teams efficiently and securely.
  

Governance, Risk & Compliance

• Lead all aspects of security compliance programs and audits, including HIPAA, HITRUST, SOC 2, and ISO 27001.
  

• Partner with legal, privacy, engineering, and operations to ensure risk assessments, policies, and controls meet evolving regulatory requirements.
  

• Monitor controls for access, vulnerability management, incident response, and business continuity.
  

Team Building & Leadership

• Hire, mentor, and manage high-performing teams across InfoSec, security engineering, and corporate IT.
  

• Cultivate a culture of transparency, ownership, and continuous improvement.
  

• Educate and empower employees on secure practices and foster cross-functional collaboration.
  

Qualifications

We’d love to hear from you if you have:

• 15+ years of IT and cybersecurity experience, including 5+ years in senior leadership roles (VP, Senior Director).
  

• Proven leadership experience in both information security and corporate IT domains.
  

• Demonstrated success securing enterprise applications and platforms, particularly in AI/ML or cloud-native environments.
  

• Hands-on experience with IT framework, and cloud platforms such as Google Cloud Platform (GCP).
  

• Strong knowledge of secure software development practices, CI/CD, and developer enablement.
  

• A track record of successfully managing IT operations, SaaS administration, endpoint security, and helpdesk experience.
  

• Experience leading third-party certifications and audits (e.g., HIPAA, HITRUST, SOC 2, ISO 27001).
  

• Exceptional communication skills, with the ability to explain complex topics to technical and non-technical stakeholders, including Virta’s Executive leadership team and its Board of Directors.
  

• A passion for enabling developers and employees by balancing security with usability.
  

Preferred Qualifications

• Experience in a high-growth startup or remote-first company.
  

• Familiarity with MDM tools, SSO/IDP platforms (e.g., Okta), and SIEM solutions.
  

90-Day Plan for VP of Information Technology and Security

Days 0–30: Listen & Learn (Foundational Immersion)

Objective: Build a strong understanding of current security posture, IT systems, team dynamics, and existing AI use cases or experimentation across departments.

Key Activities

• Organizational Immersion
  

  • Meet with executive leadership to understand company strategy, growth goals, IT and InfoSec pain points and AI priorities.
    

  • Identify departments currently using or planning to use AI (e.g., support automation, clinical ops, engineering, legal).
    

  • Review internal AI usage guidelines, current OpenAI or third-party LLM contracts, and any prior security assessments.
    

• Team & Systems Review
  

  • Conduct 1:1s with Security, IT, and cross-functional stakeholders (Product, Engineering, Data Science/AAa, Legal, Privacy, HR).
    

  • Audit enterprise tools, endpoints, cloud infrastructure, and integrations that interface with AI/ML workloads.
    

  • Inventory all known AI usage: internal tools, SaaS platforms with embedded AI, custom LLMs, and shadow AI adoption.
    

• Security & Compliance Discovery
  

  • Review existing policies related to acceptable AI use, data classification, and PHI/PII handling in AI systems.
    

  • Identify risks around sensitive data exposure, model drift, and external AI API calls.
    

  • Assess current alignment with frameworks such as NIST AI RMF, HIPAA, and HITRUST for AI governance.
    

Deliverables

• AI adoption baseline and department-level inventory
  

• Internal stakeholder map for AI governance
  

• Current-state security/IT summary
  

• Initial risk areas for AI usage
  

• Shortlist of AI cost-saving opportunities (e.g., license consolidation, helpdesk automation, AI-assisted triage)
  

Days 31–60: Evaluate & Strategize (Design & Prioritize)

Objective: Define a secure, scalable, and cost-efficient framework for AI usage while driving improvements across security and IT.

Key Activities

• AI Governance Framework
  

  • Develop a lightweight, business-friendly AI governance model: acceptable use, human-in-the-loop requirements, data inputs/outputs, and usage approvals.
    

  • Work with Legal and Privacy to address data residency, PHI exposure, and contractual guardrails for AI vendors.
    

  • Define clear lines of ownership for AI tooling and model integration into internal workflows.
    

• Cost-Saving AI Enablement
  

  • Identify specific operational areas for AI enablement (e.g., Zendesk ticket classification, onboarding FAQs, coding support, reporting automation).
    

  • Prioritize use cases that reduce SaaS sprawl or eliminate manual effort (e.g., documentation, internal training).
    

  • Evaluate internal AI solutions vs. vendor platforms for optimal cost control.
    

• Security & IT Enhancements
  

  • Roll out quick-win security upgrades (SSO enforcement, device posture, GCP policy tightening).
    

  • Draft or revise security/IT policies (including AI usage, endpoint protection, access control).
    

  • Identify key automation opportunities in corporate IT (e.g., offboarding workflows, MDM enforcement, helpdesk triage with AI).
    

Deliverables

• AI governance policy (draft)
  

• 12-month Security, IT, and AI strategy roadmap
  

• AI enablement scorecard (use case, business impact, cost delta)
  

• Proposed AI pilot programs with success criteria
  
  

Days 61–90: Execute & Lead (Scale & Secure)

Objective: Begin executing foundational work across Security, IT, and AI enablement. Institutionalize governance and operationalize scalable, secure AI usage.

Key Activities

• AI Enablement & Scaling
  

  • Launch initial AI pilots in prioritized departments (e.g., IT support automation, compliance reporting, auto-drafting engineering documentation).
    

  • Develop dashboards to track AI adoption, model usage, cost, and business impact.
    

  • Partner with Engineering/AAA to embed security into model pipelines (input validation, logging, hallucination handling).
    

• Security & Compliance Operations
  

  • Finalize and publish core security and AI usage policies; begin annual review cadences.
    

  • Implement monitoring controls for AI API usage, cost alerts, and sensitive data access.
    

  • Launch internal training on secure and responsible AI use for employees.
    

• Efficiency Gains in Corporate IT
  

  • Deploy tooling to support onboarding/offboarding automation with least-privilege principles.
    

  • Enable frictionless employee experience (self-service support, AI-first helpdesk, unified endpoint management).
    

  • Close key audit gaps; initiate pre-certification steps for SOC 2 or HITRUST if needed.
    

• Culture & Communication
  

  • Publish monthly Security & IT newsletters with transparency on risks, initiatives, and metrics.
    

  • Host “AI Office Hours” to encourage responsible experimentation and collect feedback.
    

  • Establish a cross-functional “AI Task Force” to guide innovation and policy.
    

Deliverables

• Implemented AI pilots with documented ROI or time savings
  

• Live dashboards tracking AI usage and impact
  

• Finalized and rolled out policies (security, IT, AI use)
  

• Security training completion metrics
  

• Executive briefing deck on 90-day outcomes and 12-month strategic plan

Values-driven culture

Virta’s company values drive our culture, so you’ll do well if:

• You put people first and take care of yourself, your peers, and our patients equally

• You have a strong sense of ownership and take initiative while empowering others to do the same

• You prioritize positive impact over busy work

• You have no ego and understand that everyone has something to bring to the table regardless of experience

• You appreciate transparency and promote trust and empowerment through open access of information

• You are evidence-based and prioritize data and science over seniority or dogma

• You take risks and rapidly iterate
  

Is this role not quite what you're looking for? Join our Talent Community and follow us on Linkedin to stay connected!

Virta has a location based compensation structure. Starting pay will be based on a

number of factors and commensurate with qualifications & experience. For

this role, the compensation range is $225,000-$285,000 plus bonus and equity. Information about Virta’s benefits is on our Careers page at: https://www.virtahealth.com/careers.

As part of your duties at Virta, you may come in contact with sensitive patient information that is governed by HIPAA. Throughout your career at Virta, you will be expected to follow Virta's security and privacy procedures to ensure our patients' information remains strictly confidential. Security and privacy training will be provided.

As a remote-first company, our team is spread across various locations with office hubs in Denver and San Francisco.
Clinical roles: We currently do not hire in the following states: AK, HI, RI
Corporate roles: We currently do not hire in the following states: AK, AR, DE, HI, ME, MS, NM, OK, SD, VT, WI.

#LI-remote