Virta Health is on a mission to transform type 2 diabetes and weight-loss care. Current treatment approaches aren’t working—over half of US adults have either type 2 diabetes or prediabetes, and obesity rates are at an all-time high. Virta is changing this by helping people reverse their metabolic condition through innovations in technology, personalized nutrition, and virtual care delivery reinvented from the ground up. We have raised over $350 million from top-tier investors, and partner with the largest health plans, employers, and government organizations to help their employees and members restore their health and take back their lives. Join us on our mission to reverse diabetes in one billion people.

The Vice President of Information Security will lead Virta’s enterprise-wide information security program, setting a long-term strategic vision that safeguards our data, systems, and customer trust. As the most senior security leader in the organization, you will oversee all aspects of Virta’s security posture—including risk management, regulatory compliance, and incident response—and be responsible for developing and executing a comprehensive roadmap that aligns with our growth and evolving threat landscape. This role reports to the General Counsel and regularly communicates with the Board of Directors, Executive Team, large-scale customers, and other critical stakeholders. You will shape the future of security at Virta by driving cross-functional alignment, fostering a resilient and scalable security culture, and ensuring that our security investments enable innovation and trust at scale. 

Responsibilities:

Security Strategy and Vision:

• Define and maintain an enterprise-wide security vision and strategic roadmap (2+ years), ensuring alignment with business goals and long-term growth.

• Serve as the senior-most authority on information security, responsible for the organization’s overall security posture and risk landscape.

• Participate in board-level and executive leadership discussions, providing strategic guidance on security implications of corporate initiatives and business operations.

Team Leadership and Organizational Design:

• Architect and continuously evolve the organizational structure of the security team, including headcount planning, role design, and succession planning.

• Cultivate a high-performance, values-driven security culture.

• Manage and mentor senior security leaders (directors and managers), fostering professional growth and ensuring strong leadership continuity.

• Build coverage and redundancy into security operations to mitigate single points of failure and maintain resilience.

Budgeting and Resource Allocation:

• Own and manage the security budget, ensuring optimal allocation of resources across people, processes, and technology.

• Approve key spending decisions, including technology investments, third-party vendors, audit engagements, and staffing.

Stakeholder and External Engagement:

• Act as the primary point of contact for internal and external security-related engagements.

• Partner with executive leadership and department heads to align security efforts with company objectives.

• Represent Virta in customer conversations, industry forums, and peer networks as a public-facing security leader.

• Maintain strong relationships with industry partners, regulators, auditors, and large enterprise clients.

Enterprise Risk Management:

• Define and implement an enterprise risk tolerance strategy, in coordination with broader corporate governance.

• Lead the development and execution of risk management frameworks, ensuring consistent identification, mitigation, and reporting of risks.

• Deliver high-level risk and compliance reports to executive stakeholders and the Board.

• Oversee the response to critical incidents and crisis events, ensuring transparent communication and swift resolution.

Technology and Innovation Leadership:

• Establish a forward-looking vision for security technology and innovation.

• Stay current with emerging threats, trends, and technologies to ensure Virta maintains a modern and robust defense posture.

• Guide strategic security tooling decisions and oversee the implementation of scalable, automated security infrastructure.

Compliance and Certification:

• Oversee Virta’s SOC 2 and HITRUST certification programs, ensuring successful audits and ongoing compliance.

• Monitor and ensure adherence to all applicable healthcare and privacy regulations, including HIPAA and other relevant frameworks.

Additional Requirements:

• Exceptional executive communication skills with the ability to influence and gain buy-in across all levels of the organization, including the Board and C-suite.

• Demonstrated ability to operate effectively in complex and ambiguous environments, balancing regulatory obligations, business priorities, and evolving risks.

• Proven experience building, leading, and scaling high-performing teams in high-growth environments.

• Strong business acumen with the ability to collaborate and align security strategies to corporate objectives and product goals.

• Experience building and leading enterprise risk programs, incident response, and security operations at scale.

• A strategic mindset paired with the technical and operational expertise to execute at scale and deliver measurable impact.

Must Haves:

• Bachelor’s degree in computer science, cybersecurity information technology or a related field

• Master’s degree especially an MBA or MS in Cybersecurity / Information Security (not required, but highly preferred)

• 15+ years of IT and cybersecurity experience; 5+ years of leadership experience in security  roles (such as Director of Security, Security Manager or VP of Security)

• Certifications demonstrating proficiency and SME, including at least one of the following: Certified Information Systems Security Professional (CISSP); Certified Information Security Management (CISM), Certified Ethical Hacker (CEH); Certified Chief Information Security Officer (CCISO)

• Deep familiarity with healthcare regulatory requirements and third-party certification programs such as HITRUST and SOC 2, and security frameworks such as NIST, ISO 27001, GDPR, CCPA, and HIPAA.

• Strong understanding of cloud security, network security, and emerging threats

• Experience working with executive leadership, board members, and customer executives to communicate cybersecurity risk and the key aspects of Virta’s program

Values-driven culture

Virta’s company values drive our culture, so you’ll do well if:

• You put people first and take care of yourself, your peers, and our patients equally

• You have a strong sense of ownership and take initiative while empowering others to do the same

• You prioritize positive impact over busy work

• You have no ego and understand that everyone has something to bring to the table regardless of experience

• You appreciate transparency and promote trust and empowerment through open access of information

• You are evidence-based and prioritize data and science over seniority or dogma

• You take risks and rapidly iterate

Is this role not quite what you're looking for? Join our Talent Community and follow us on Linkedin to stay connected!

Virta has a location based compensation structure. Starting pay will be based on a

number of factors and commensurate with qualifications & experience. For

this role, the compensation range is $225,000-$285,000 plus bonus and equity. Information about Virta’s benefits is on our Careers page at: https://www.virtahealth.com/careers.

As part of your duties at Virta, you may come in contact with sensitive patient information that is governed by HIPAA. Throughout your career at Virta, you will be expected to follow Virta's security and privacy procedures to ensure our patients' information remains strictly confidential. Security and privacy training will be provided.

As a remote-first company, our team is spread across various locations with office hubs in Denver and San Francisco. We currently do not hire in the following states: AK, AR, DE, HI, ME, MS, NM, OK, SD, VT, WI.

#LI-remote