Sr. Director, Information Security & Cloud Operations

About The Position

Requirements

• Bachelor’s degree in computer science, Engineering, Information Security, Information Systems, or related field.
• At least 15 years of experience in healthcare, biotech, medtech, or other regulated healthcare environments, with direct responsibility for information security in complex, multi-stakeholder settings.
• At least 5 years of experience serving as a Sr. Director of Information Security and Cloud Operations, or equivalent senior leadership role accountable for enterprise security and cloud operations in regulated environments in healthcare.
• Demonstrated experience designing and operating information security programs that support or achieve HITRUST, ISO 27001, and related certifications, as well as HIPAA and FDA regulatory requirements.
• Proven track record designing and implementing continuous security and compliance frameworks (for example security-as-code, automated controls testing, integrated GRC tooling) in cloud-native environments, including using AI to support security documentation, vendor assessments, policy oversight, and internal audits.
• Strong expertise in modern cloud architectures and operations (AWS/Azure/GCP), including infrastructure-as-code, Kubernetes/containers, microservices, serverless architecture, zero trust networking, and observability.
• Demonstrated experience building and securing AI and data infrastructure (e.g., GPU clusters, vector databases, AI model serving, data lakes) and supporting AI/ML workloads in validated production environment.
• Deep understanding of HIPAA, 21 CFR Part 11, GxP/CSV/CSA, data privacy laws, and security requirements applicable to healthcare, clinical trials, and AI-based systems
• Excellent communication skills, with the ability to translate complex security and technical concepts into clear, business-relevant narratives for executives, regulators, and partners.

Responsibilities

• Define and execute Prolaio’s enterprise information security strategy, aligned with Prolaio’s business goals, clinical programs, and AI product roadmap.
• Establish and maintain security policies, standards, and procedures covering access control, data governance, cryptography, incident response, and IT/clinical risk management with a focus on continuous improvement
• Lead the design and implementation of a continuous security and continuous compliance framework (e.g., security-as-code, compliance-as-code, automated controls testing) to support HITRUST, ISO 27001, ISO 42001, HIPAA, FDA, 21 CFR Part 11, GxP/CSV/CSA, and data privacy requirements.
• Architect and operationalize pipelines for continuous monitoring of security controls, configuration drift, vulnerabilities, and compliance posture across cloud, on-prem, and edge environments.
• Own the enterprise cybersecurity program, including threat modeling, vulnerability management, identity and access management, data protection, endpoint security, and incident response.
• Collaborate with AI and product engineering teams to defend against AI-specific threats such as model extraction, prompt injection, model poisoning, data leakage, and abuse of AI-generated content.
• Lead the architecture, deployment, and operation of Prolaio’s cloud infrastructure (e.g., GCP) to ensure high availability, scalability, and cost efficiency for clinical, operational, and AI workloads.
• Partner with the CDAO and AI engineering teams to define and enforce policies for training data governance, model lifecycle management, AI model validation, and ethical/secure use of AI.
• Define and monitor vendor SLAs, DPAs, and shared responsibility models, ensuring vendors support Prolaio’s certification goals and regulatory obligations.
• Foster a culture of innovation, experimentation, and learning within the security and cloud organization, balancing risk management with enabling rapid product delivery and AI-driven capabilities.
• Maintain clear ownership boundaries and collaboration models with the CIO (enterprise IT), CDAO (data & analytics), CPO/Engineering (product software), and Operations (Clinical and Supply Chain) to ensure coherent architecture and governance.

Benefits

• Competitive salary
• performance bonus
• equity
• Medical, dental, and vision plans with multiple options and strong company contributions.
• HSA, FSA, commuter benefits, and a $1,200 annual Lifestyle Spending Account
• Generous paid time off, sick leave, and company holidays.
• Paid parental leave, caregiver leave, and support for growing families.
• Company-paid life insurance and short- and long-term disability coverage.
• 401(k) plan
• Easy access to telehealth and optional supplemental coverage