VP of Information Security & IT
Austin, TX - USA
Job Summary
About Curative
Curative is building the future of health insurance with a first-of-its-kind employer-based plan designed to remove financial barriers and make care truly accessible: one monthly premium with $0 copays and $0 deductibles*. Backed by our recent $150M in Series B funding and valuation at $1.275B, Curative is scaling rapidly and investing in AI-powered service, deeper member engagement, and a smart network designed for today's workforce.
Our north star guides everything we do: healthcare only works when people can actually use it. That belief drives every decision we make: from how we design our plan, support our members, to how we collaborate as a team.
Our culture is fast-paced and demanding, and it may not be the right fit for everyone. But for those who want to help build the future alongside high-performing professionals who strive for excellence and expect the same from each other, there's no better place to grow and make an impact. If you want to do meaningful work with a team that moves fast, experiments boldly, and cares deeply, Curative is the place to do it. We're growing fast and looking for teammates who want to help transform health insurance for the better.
Role Overview
The VP of Information Security & IT is responsible for leading and executing a comprehensive information security and IT strategy, including Governance, Risk & Compliance, Security Operations, and Enterprise IT. As the company's HIPAA Information Security Officer, this leader owns the design, implementation, and continuous improvement of the company's information security program. This leader will partner cross-functionally with every aspect of the business to ensure that security is embedded into every layer of the organization and that IT systems and infrastructure reliably support the needs of a growing, AI-enthusiastic company.
Key Responsibilities
Product Security
- Deploy and operationalize automated security scanning across engineering products and CI/CD pipelines, identifying and communicating vulnerabilities at the code and architecture level.
- Partner with Engineering and Platform teams to integrate SAST, DAST, SCA, and secrets detection tooling into development workflows and secure cloud computing environments.
- Maintain vulnerability management processes, including prioritization, remediation tracking, and SLA enforcement; leverage AI tooling to improve detection coverage and triage efficiency.
Information Security Risk Management
- Own the Information Security and IT GRC program, ensuring alignment with HIPAA, COBIT, and other applicable frameworks, including the risk register and control environment.
- Own the Third Party Risk Management program, including vendor assessments, contract reviews, and ongoing monitoring, with particular attention to the risks introduced by AI-powered vendor tools.
- Provide risk-based guidance to stakeholders on new tools, vendors, and architectural decisions, including policy governance for AI workforce tools.
Security Operations
- Maintain and evolve the threat monitoring program, leveraging AI-assisted detection to ensure continuous visibility and timely identification of suspicious activity.
- Lead incident response, coordinating cross-functional teams, managing communications, and driving post-incident reviews.
- Continuously improve detection and response capabilities through SIEM tuning, playbook development, and tabletop exercises.
Information Technology
- Oversee IT operations, including helpdesk, system administration, and physical network administration, ensuring reliability and security across the environment.
- Set the strategy and roadmap for enterprise applications and infrastructure, including identity and access management; evaluate and govern the use of AI-powered productivity and business tools.
Leadership & Communication
- Own security and IT vendor relationships, contracts, and budgets, including forecasting and investment recommendations.
- Deliver regular updates to executive leadership on program status, key risks, and strategic priorities.
- Lead, mentor, and develop a team spanning security and IT, managing priorities, workload, and career growth across both operational and strategic work.
Qualifications
Education
- Bachelor's degree in a related field or equivalent experience.
Experience
- 10 years in information security with at least 5 years in a leadership role.
- Demonstrated experience owning a GRC program and TPRM function.
- Hands-on background in Security Operations, vulnerability management, and incident response.
- Experience leading an IT function and managing vendor relationships.
- Comfortable presenting security topics to executive and non-technical audiences.
Technical Skills
- Proficiency with SIEM and EDR/XDR platforms; familiarity with code scanning tools (Snyk, Semgrep, Checkmarx, etc.).
- Understanding of cloud security (AWS, GCP, Azure), IAM platforms, and network infrastructure.
- Knowledge of NIST CSF, ISO 27001, SOC 2, HIPAA, and CIS Controls.
- Hands-on experience using AI tools for security monitoring and workflow automation; familiarity with securing LLM deployments, agentic workflows, and AI harness/orchestration security.
- Ability to assess risk and develop policy guidance for AI-powered workforce tools.
Leadership Competencies
- Strategic leader who balances near-term operational demands with longer-term program development.
- Strong communicator who translates technical risk into business-relevant terms.
- Cross-functional, decisive under pressure, and able to lead teams across multiple functions with competing priorities.
Perks & Benefits
- Curative Health Plan (100% employer-covered medical premiums for you and 50% coverage for dependents on the base plan)
- $0 copays and $0 deductibles (with completion of our Baseline Visit)
- Preventive and primary care built in
- Mental health support (Rula, Televero, Two Chairs, Recovery Unplugged)
- One-on-one care navigation
- Chronic condition programs (diabetes, weight, hypertension)
- Maternity and family planning support
- 24/7/365 Curative Telehealth
- Pharmacy benefits
- Comprehensive dental and vision coverage
- Employer-provided life and disability coverage with additional supplemental options
- Flexible spending accounts
- Flexible work options: remote and in-person opportunities
- Generous PTO policy plus 11 paid annual company holidays
- 401K for full-time employees
- Generous up to 8-12 weeks paid parental leave, based on role eligibility
- This role is eligible for annual discretionary bonus structure and company equity
- This is a remote position
Required Experience:
Exec