Sr. Director, Information Security & Cloud Operations

Who Are We?

Prolaio believes that continuous learning and collaboration can make a significant difference in how heart care is administered. We are creating smarter ways to address heart disease and heart risks by uniting patients, care teams, and researchers on a secure, technology-enabled platform that drives clinical innovation and offers a path towards better patient outcomes.

This is precision cardiology, and we know it’s within reach.

The Sr. Director, Information security & Cloud Operations will be the senior leader shaping how Prolaio secures its AI‑driven, cloud‑first healthcare platform, owning the information security and cloud infrastructure strategy that underpins every product, trial, and patient interaction. This role designs and operates a continuous security and continuous compliance model that keeps Prolaio ahead of HITRUST, ISO 27001, ISO 42001, HIPAA, and FDA expectations, while still enabling the speed and flexibility required to innovate in AI‑powered products and decentralized clinical solutions.

This is a role for an innovative security and cloud leader who prefers modern DevSecOps, security as code, and AI native approaches over purely policy driven models, using smart guardrails to manage risk, earn regulator and customer trust, and fuel Prolaio’s growth.

• Define and execute Prolaio’s enterprise information security strategy, aligned with Prolaio’s business goals, clinical programs, and AI product roadmap.
• Establish and maintain security policies, standards, and procedures covering access control, data governance, cryptography, incident response, and IT/clinical risk management with a focus on continuous improvement
• Lead the design and implementation of a continuous security and continuous compliance framework (e.g., security-as-code, compliance-as-code, automated controls testing) to support HITRUST, ISO 27001, ISO 42001, HIPAA, FDA, 21 CFR Part 11, GxP/CSV/CSA, and data privacy requirements.
• Architect and operationalize pipelines for continuous monitoring of security controls, configuration drift, vulnerabilities, and compliance posture across cloud, on-prem, and edge environments.
• Own the enterprise cybersecurity program, including threat modeling, vulnerability management, identity and access management, data protection, endpoint security, and incident response.
• Collaborate with AI and product engineering teams to defend against AI-specific threats such as model extraction, prompt injection, model poisoning, data leakage, and abuse of AI-generated content.
• Lead the architecture, deployment, and operation of Prolaio’s cloud infrastructure (e.g., GCP) to ensure high availability, scalability, and cost efficiency for clinical, operational, and AI workloads.
• Partner with the CDAO and AI engineering teams to define and enforce policies for training data governance, model lifecycle management, AI model validation, and ethical/secure use of AI.
• Define and monitor vendor SLAs, DPAs, and shared responsibility models, ensuring vendors support Prolaio’s certification goals and regulatory obligations.
• Foster a culture of innovation, experimentation, and learning within the security and cloud organization, balancing risk management with enabling rapid product delivery and AI-driven capabilities.
• Maintain clear ownership boundaries and collaboration models with the CIO (enterprise IT), CDAO (data & analytics), CPO/Engineering (product software), and Operations (Clinical and Supply Chain) to ensure coherent architecture and governance.

• Impactful Work: You will join in the fight against heart failure (HF) and hypertrophic cardiomyopathy (HCM) with the goal of extending and saving the lives of our patients while also being at the forefront of changing the healthcare industry through technology.
• Innovative Environment: You will be part of an organization doing something that’s never been done before.
• Professional Growth: You will join a growing team and have a substantial impact on our daily and future operations with the opportunity to continuously learn and grow.
• Collaborative Team: You will be part of a team of collaborative, curious, and committed individuals focused on the collective good, inclusiveness, scientific excellence, and advancing digital health for cardiology.

• Bachelor’s degree in computer science, Engineering, Information Security, Information Systems, or related field.
• At least 15 years of experience in healthcare, biotech, medtech, or other regulated healthcare environments, with direct responsibility for information security in complex, multi-stakeholder settings.
• At least 5 years of experience serving as a Sr. Director of Information Security and Cloud Operations, or equivalent senior leadership role accountable for enterprise security and cloud operations in regulated environments in healthcare.
• Demonstrated experience designing and operating information security programs that support or achieve HITRUST, ISO 27001, and related certifications, as well as HIPAA and FDA regulatory requirements.
• Proven track record designing and implementing continuous security and compliance frameworks (for example security-as-code, automated controls testing, integrated GRC tooling) in cloud-native environments, including using AI to support security documentation, vendor assessments, policy oversight, and internal audits.
• Strong expertise in modern cloud architectures and operations (AWS/Azure/GCP), including infrastructure-as-code, Kubernetes/containers, microservices, serverless architecture, zero trust networking, and observability.
• Demonstrated experience building and securing AI and data infrastructure (e.g., GPU clusters, vector databases, AI model serving, data lakes) and supporting AI/ML workloads in validated production environment.
• Deep understanding of HIPAA, 21 CFR Part 11, GxP/CSV/CSA, data privacy laws, and security requirements applicable to healthcare, clinical trials, and AI-based systems
• Excellent communication skills, with the ability to translate complex security and technical concepts into clear, business-relevant narratives for executives, regulators, and partners.

• Meaningful Compensation: Competitive salary, performance bonus, and equity so you can share in what we build.
• Great Health Coverage: Medical, dental, and vision plans with multiple options and strong company contributions.
• Flexible Spending Perks: HSA, FSA, commuter benefits, and a $1,200 annual Lifestyle Spending Account to support wellness, commuting, family needs, and more.
• Time to Recharge: Generous paid time off, sick leave, and company holidays.
• Family-First Benefits: Paid parental leave, caregiver leave, and support for growing families.
• Security & Peace of Mind: Company-paid life insurance and short- and long-term disability coverage.
• Plan for the Future: 401(k) plan to help you build long-term financial security.
• Care When You Need It: Easy access to telehealth and optional supplemental coverage for life’s unexpected moments.