Omilia - Conversational Intelligence

Director of Cloud Security

Omilia - Conversational Intelligence

full-time

Posted on:

Location Type: Remote

Location: United States

Visit company website

Explore more

AI Apply
Apply

Job Level

Lead

Tech Stack

AWSCloudKubernetesSDLC

About the role

  • Omilia operates a proprietary, end-to-end conversational AI cloud platform serving enterprise contact
  • centres in regulated industries including banking, utilities, and telecoms. The platform is cloud-native
  • on AWS, Kubernetes-orchestrated, multi-tenant and single-tenant, and holds government-grade
  • certifications including FedRAMP, ISO 27001, SOC 2 Type II, PCI-DSS Level 1, HIPAA, and GDPR.
  • The Director of Cloud Security will own the security posture of this platform end-to-end: from
  • infrastructure hardening and threat modelling through to audit evidence production and customer-
  • facing security assurance.
  • **Key Responsibilities**
  • Cloud Security Ownership
  • Define and execute Omilia’s cloud security strategy across all deployment models: multi-tenant SaaS,
  • exclusive tenant, private cloud, and hybrid.
  • Own the AWS security architecture including IAM, VPC design, GuardDuty, Security Hub, CloudTrail, KMS
  • key management, and secrets management.
  • Lead infrastructure hardening programmes using golden image pipelines, CIS Benchmarks, and automated
  • compliance scanning.
  • Ensure network segmentation, tenant data isolation, and zero-trust principles are implemented and
  • maintained across all environments.
  • **Compliance & Certification Leadership**
  • Own the annual renewal and continuous readiness of FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS Level
  • 1, HIPAA, and GDPR across the cloud platform.
  • Drive the EU AI Act compliance programme as it applies to high-risk AI system classifications relevant to
  • Omilia’s deployments in regulated sectors.
  • Produce and maintain the security control evidence pack used in enterprise customer due diligence, RFP
  • responses, and regulatory audits.
  • Act as primary technical liaison with external auditors, QSAs, and penetration testing firms.
  • **AI & Data Security**
  • Define data security controls for voice data processing pipelines, including real-time PCI redaction, voice
  • biometric data storage, and training data anonymisation.
  • Assess security implications of LLM and generative AI integrations (Pathfinder, miniApps, RAG pipelines)
  • and establish guardrails for model input/output security.
  • Own the subprocessor security assessment programme and ensure DPA/Security Exhibit obligations are
  • met across the third-party supply chain.
  • **Security Engineering & Operations**
  • Lead vulnerability management: SAST/DAST integration in CI/CD, container image scanning, CVE triage,
  • patch SLAs.
  • Own incident response for cloud-tier events: detection, containment, eradication, recovery, and post-incident
  • review.
  • Define and operate security monitoring and SIEM coverage for the OCP platform, ensuring audit logs are
  • immutable, queryable, and exportable.
  • Collaborate with engineering on secure SDLC practices, threat modelling for new features, and security
  • review gates in the release process.
  • **Stakeholder Engagement**
  • Support Sales and Customer Success in enterprise security questionnaires, customer security reviews, and
  • contract security exhibit negotiations.
  • Represent cloud security posture to the CISO, CTO, and executive team; translate technical risk into
  • business impact language.
  • Engage with CCaaS platform partners (NICE, Five9, Genesys, RingCentral) on integration security
  • requirements and shared responsibility boundaries.

Requirements

  • 8+ years in information/cloud security, with at least 4 years in a senior individual contributor or leadership role.
  • Deep hands-on AWS security expertise: well-versed in AWS security services, architecture patterns, and shared responsibility model.
  • Demonstrated experience leading or co-leading at least one FedRAMP authorisation (ATO process) or equivalent high-assurance compliance programme.
  • Strong working knowledge of PCI-DSS, SOC 2, ISO 27001, HIPAA, and GDPR as they apply to SaaS/cloud service providers — not just as customer obligations.
  • Experience with Kubernetes security (pod security policies/admission controllers, network policies, secrets management, runtime security).
  • Proven ability to produce board-quality security reporting and present to enterprise customers and auditors.
  • Professional certification: CISSP, CCSP, AWS Security Specialty, or equivalent. CISA is a plus.
  • **Preferred / Differentiating Experience**
  • Prior experience in a conversational AI, CCaaS, or voice/telephony platform company.
  • Familiarity with EU AI Act requirements, NIST AI RMF, or AI-specific security governance frameworks.
  • Experience securing LLM inference pipelines, RAG architectures, or real-time audio processing workloads.
  • Background working with BPO/enterprise contact centre customers with high compliance scrutiny (banking, government, utilities).
  • Exposure to FedRAMP High or IL4/IL5 environments.
Benefits
  • **Benefits**
  • - Fixed compensation;
  • - Long-term employment with the working days vacation;
  • - Development in professional growth (courses, training, etc);
  • - Being part of successful cutting-edge technology products that are making a global impact in the service industry;
  • - Proficient and fun-to-work-with colleagues;
  • - Apple gear
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cloud securityAWS securityKubernetes securityvulnerability managementincident responsedata security controlssecurity monitoringthreat modellingcompliance scanningsecurity architecture
Soft Skills
leadershipstakeholder engagementcommunicationpresentation skillscollaboration
Certifications
CISSPCCSPAWS Security SpecialtyCISA