Omilia - Conversational Intelligence

Business Information Security Officer

Full-time

Location Type: Remote

Location: United States

About the role

  • Serve as the primary security contact for Sales, Customer Success, Legal/Contracts, Product, and Professional Services — acting as a security advisor embedded in commercial and delivery workflows.
  • Attend key deal reviews, QBRs, and customer onboarding sessions to provide security context and remove blockers caused by security uncertainty.
  • Translate cyber security standards and policies into actionable guidance for non-security teams; bridge the gap between the CISO’s policy layer and day-to-day business operations.
  • Own the security governance framework for Omilia’s AI product features: generative AI tools (Pathfinder, miniApps), LLM integrations, agentic execution pipelines, and voice biometric systems.
  • Lead the security review process for new AI feature releases, including threat modelling, data handling assessment, and compliance gap analysis (EU AI Act, NIST AI RMF).
  • Establish and maintain an AI risk register covering model input/output risks, training data provenance, inference security, and human-in-the-loop control adequacy.
  • Represent Omilia in AI security discussions with enterprise customers and prospects who are subject to AI governance mandates (DORA, EU AI Act, internal AI ethics boards).
  • Own the security questionnaire process end-to-end: triage, response, evidence pack assembly, and customer sign-off. Target: sub-5-day turnaround for standard RFPs.
  • Maintain and continuously improve the master security response library, aligned to current certifications (FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, GDPR).
  • Participate in contract security exhibit negotiations, advising Legal on what Omilia can operationally commit to vs. what requires escalation or commercial pushback.
  • Support customer audits, penetration test disclosure requirements, and on-site/virtual security review sessions.
  • Drive adherence to Omilia’s internal security policies across business units: data classification, acceptable use, third-party risk, incident reporting obligations.
  • Run targeted security awareness programmes for non-technical staff, with specific focus on data handling, phishing resilience, and AI tool usage policies.
  • Identify and escalate systemic non-compliance patterns to the CISO; propose pragmatic remediation plans that do not block business operations.
  • Maintain the internal security risk register for business-unit-owned risks (as distinct from technical/platform risks owned by Cloud Security).
  • Manage the security assessment lifecycle for new vendors, subprocessors, and integration partners, ensuring DPA and Security Exhibit obligations flow down appropriately.
  • Monitor existing subprocessor security posture and flag material changes (e.g., a CCaaS partner changing their cloud provider or incident disclosures).
  • Support the OEM and reseller channel on security onboarding: ensure partner-side obligations are understood and operationalised.

Requirements

  • 6+ years in information security, with at least 2 years in a BISO, security business partner, or GRC-facing role at a SaaS or technology company.
  • Strong working knowledge of PCI-DSS, SOC 2, ISO 27001, HIPAA, and GDPR as they apply to a cloud service provider selling to regulated enterprise customers.
  • Experience managing enterprise security questionnaires and RFP security sections at volume — ideally for deals with banks, insurers, utilities, or government buyers.
  • Demonstrated ability to work across commercial, legal, and technical functions without formal authority; strong stakeholder management and influencing skills.
  • Familiarity with AI governance frameworks: EU AI Act (basic awareness of high-risk classification), NIST AI RMF, or internal AI ethics/risk policies.
  • Strong written communication: able to produce clear, accurate security responses for both technical and non-technical audiences.
  • Professional certification: CISM, CRISC, CISA, or CISSP. ISO 27001 Lead Implementer/Auditor is a plus.

Benefits

  • Fixed compensation;
  • Long-term employment with a working-days vacation allowance;
  • Support for professional growth (courses, training, etc.);
  • Being part of successful cutting-edge technology products that are making a global impact in the service industry;
  • Proficient and fun-to-work-with colleagues;
  • Apple gear.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information security, security governance, threat modelling, data handling assessment, compliance gap analysis, risk register management, security assessment lifecycle, security questionnaire management, penetration testing, data classification

Soft Skills

stakeholder management, influencing skills, written communication, cross-functional collaboration, problem-solving, security awareness training, remediation planning, negotiation skills, advisory skills, organizational skills

Certifications

CISM, CRISC, CISA, CISSP, ISO 27001 Lead Implementer, ISO 27001 Auditor, FedRAMP, SOC 2 Type II, PCI-DSS, HIPAA