Chief Information Security & IT Leader (HIPAA & AI)

Curative is building the future of health insurance with a first-of-its-kind employer-based plan designed to remove financial barriers and make care truly accessible: one monthly premium with $0 copays and $0 deductibles*. Backed by our recent $150M in Series B funding and valuation at $1.275B , Curative is scaling rapidly and investing in AI-powered service, deeper member engagement, and a smart network designed for today’s workforce. Our north star guides everything we do: healthcare only works when people can actually use it . That belief drives every decision we make: from how we design our plan, support our members, to how we collaborate as a team. Our culture is fast-paced and demanding, and it may not be the right fit for everyone. But for those who want to help build the future alongside high-performing professionals who strive for excellence and expect the same from each other, there’s no better place to grow and make an impact. If you want to do meaningful work with a team that moves fast, experiments boldly, and cares deeply, Curative is the place to do it. We’re growing fast and looking for teammates who want to help transform health insurance for the better. Role Overview The VP of Information Security & IT is responsible for leading and executing a comprehensive information security and IT strategy, including Governance, Risk & Compliance, Security Operations, and Enterprise IT. As the company's HIPAA Information Security Officer, this leader owns the design, implementation, and continuous improvement of the company's information security program. This leader will partner cross-functionally with every aspect of the business to ensure that security is embedded into every layer of the organization, and that IT systems and infrastructure reliably support the needs of a growing AI-enthusiastic company. Key Responsibilities Product Security Deploy and operationalize automated security scanning across engineering products and CI/CD pipelines, identifying and communicating vulnerabilities at the code and architecture level. Partner with Engineering and Platform teams to integrate SAST, DAST, SCA, and secrets detection tooling into development workflows and secure cloud computing environments. Maintain vulnerability management processes including prioritization, remediation tracking, and SLA enforcement; leverage AI tooling to improve detection coverage and triage efficiency. Information Security Risk Management Own the Information Security and IT GRC program, ensuring alignment with HIPAA, COBIT, and other applicable frameworks, including the risk register and control environment. Own the Third Party Risk Management program, including vendor assessments, contract reviews, and ongoing monitoring with particular attention to the risks introduced by AI-powered vendor tools. Provide risk-based guidance to stakeholders on new tools, vendors, and architectural decisions, including policy governance for AI workforce tools. Security Operations Maintain and evolve the threat monitoring program, leveraging AI-assisted detection to ensure continuous visibility and timely identification of suspicious activity. Lead incident response, coordinating cross-functional teams, managing communications, and driving post-incident reviews. Continuously improve detection and response capabilities through SIEM tuning, playbook development, and tabletop exercises. Information Technology Oversee IT operations including helpdesk, system administration, and physical network administration, ensuring reliability and security across the environment. Set the strategy and roadmap for enterprise applications and infrastructure, including identity and access management; evaluate and govern the use of AI-powered productivity and business tools. Leadership & Communication Own security and IT vendor relationships, contracts, and budgets, including forecasting and investment recommendations. Deliver regular updates to executive leadership on program status, key risks, and strategic priorities. Lead, mentor, and develop a team spanning security and IT, managing priorities, workload, and career growth across both operational and strategic work. Qualifications Education Bachelor's degree in a related field or equivalent experience. Experience 10+ years in information security, with at least 5 years in a leadership role. Demonstrated experience owning a GRC program and TPRM function. Hands-on background in Security Operations, vulnerability management, and incident response. Experience leading an IT function and managing vendor relationships. Comfortable presenting security topics to executive and non-technical audiences. Technical Skills Proficiency with SIEM and EDR/XDR platforms; familiarity with code scanning tools (Snyk, Semgrep, Checkmarx, etc.). Understanding of cloud security (AWS, GCP, Azure), IAM platforms, and network infrastructure. Knowledge of NIST CSF, ISO 27001, SOC 2, HIPAA, and CIS Controls. Hands-on experience using AI tools for security monitoring and workflow automation; familiarity with securing LLM deployments, agentic workflows, and AI harness/orchestration security. Ability to assess risk and develop policy guidance for AI-powered workforce tools. Strategic leader who balances near-term operational demands with longer-term program development. Strong communicator who translates technical risk into business-relevant terms. Cross-functional, decisive under pressure, and able to lead teams across multiple functions with competing priorities. Curative Health Plan (100% employer-covered medical premiums for you and 50% coverage for dependents on the base plan.) $0 copays and $0 deductibles (with completion of our Baseline Visit ) Preventive and primary care built in Mental health support (Rula, Televero, Two Chairs, Recovery Unplugged) Chronic condition programs (diabetes, weight, hypertension) Maternity and family planning support Employer-provided life and disability coverage with additional supplemental options Flexible spending accounts Flexible work options: remote and in-person opportunities Generous PTO policy plus 11 paid annual company holidays 401K for full-time employees Generous Up to 8–12 weeks paid parental leave, based on role eligibility. This role is eligible for annual discretionary bonus structure and company equity #J-18808-Ljbffr Valid8 Financial, Inc.