Vice President, Information Security

Summary

Join Virta Health as their Vice President of Information Security and lead their enterprise-wide information security program. You will define and maintain a security vision, oversee all aspects of Virta’s security posture, and manage the security team. This role requires strong leadership, communication, and technical skills, along with experience in risk management, compliance, and incident response. You will work closely with executive leadership, the board, and external stakeholders. The ideal candidate will have a strategic mindset and proven experience building and scaling high-performing security teams in high-growth environments. Virta offers a competitive salary and benefits package.

Requirements

• Exceptional executive communication skills with the ability to influence and gain buy-in across all levels of the organization, including the Board and C-suite
• Demonstrated ability to operate effectively in complex and ambiguous environments, balancing regulatory obligations, business priorities, and evolving risks
• Proven experience building, leading, and scaling high-performing teams in high-growth environments
• Strong business acumen with the ability to collaborate and align security strategies to corporate objectives and product goals
• Experience building and leading enterprise risk programs, incident response, and security operations at scale
• A strategic mindset paired with the technical and operational expertise to execute at scale and deliver measurable impact
• Bachelor’s degree in computer science, cybersecurity information technology or a related field
• 15+ years of IT and cybersecurity experience; 5+ years of leadership experience in security roles (such as Director of Security, Security Manager or VP of Security)
• Certifications demonstrating proficiency and SME, including at least one of the following: Certified Information Systems Security Professional (CISSP); Certified Information Security Management (CISM), Certified Ethical Hacker (CEH); Certified Chief Information Security Officer (CCISO)
• Deep familiarity with healthcare regulatory requirements and third-party certification programs such as HITRUST and SOC 2, and security frameworks such as NIST, ISO 27001, GDPR, CCPA, and HIPAA
• Strong understanding of cloud security, network security, and emerging threats
• Experience working with executive leadership, board members, and customer executives to communicate cybersecurity risk and the key aspects of Virta’s program

Responsibilities

• Define and maintain an enterprise-wide security vision and strategic roadmap (2+ years), ensuring alignment with business goals and long-term growth
• Serve as the senior-most authority on information security, responsible for the organization’s overall security posture and risk landscape
• Participate in board-level and executive leadership discussions, providing strategic guidance on security implications of corporate initiatives and business operations
• Architect and continuously evolve the organizational structure of the security team, including headcount planning, role design, and succession planning
• Cultivate a high-performance, values-driven security culture
• Manage and mentor senior security leaders (directors and managers), fostering professional growth and ensuring strong leadership continuity
• Build coverage and redundancy into security operations to mitigate single points of failure and maintain resilience
• Own and manage the security budget, ensuring optimal allocation of resources across people, processes, and technology
• Approve key spending decisions, including technology investments, third-party vendors, audit engagements, and staffing
• Act as the primary point of contact for internal and external security-related engagements
• Partner with executive leadership and department heads to align security efforts with company objectives
• Represent Virta in customer conversations, industry forums, and peer networks as a public-facing security leader
• Maintain strong relationships with industry partners, regulators, auditors, and large enterprise clients
• Define and implement an enterprise risk tolerance strategy, in coordination with broader corporate governance
• Lead the development and execution of risk management frameworks, ensuring consistent identification, mitigation, and reporting of risks
• Deliver high-level risk and compliance reports to executive stakeholders and the Board
• Oversee the response to critical incidents and crisis events, ensuring transparent communication and swift resolution
• Establish a forward-looking vision for security technology and innovation
• Stay current with emerging threats, trends, and technologies to ensure Virta maintains a modern and robust defense posture
• Guide strategic security tooling decisions and oversee the implementation of scalable, automated security infrastructure
• Oversee Virta’s SOC 2 and HITRUST certification programs, ensuring successful audits and ongoing compliance
• Monitor and ensure adherence to all applicable healthcare and privacy regulations, including HIPAA and other relevant frameworks

Preferred Qualifications

Master’s degree especially an MBA or MS in Cybersecurity / Information Security

Benefits

• Compensation range is $225,000-$285,000 plus bonus and equity
• Remote work