Business Information Security Officer

Omilia

United States, Remote, Permanent

Posted: March 17, 2026

Job Description

Omilia’s growth trajectory — enterprise contracts with major banks, utilities, telecoms, and government agencies, combined with an expanding AI product surface — is generating security obligations faster than a centralised security team can absorb. The BISO is the security function’s embedded representative within the business units: translating cyber standards into operational practice, unblocking commercial initiatives that are stalled on security reviews, and ensuring that Omilia’s customer-facing commitments (contractual security exhibits, DPAs, SLAs) are operationally delivered. This role is specifically created to address the growing volume of AI-related security initiatives, customer due diligence requests, and internal cyber standard adoption challenges that currently constrain the business.

Key Responsibilities

Business Unit Security Partnership

• Serve as the primary security contact for Sales, Customer Success, Legal/Contracts, Product, and Professional Services — acting as a security advisor embedded in commercial and delivery workflows.
• Attend key deal reviews, QBRs, and customer onboarding sessions to provide security context and remove blockers caused by security uncertainty.
• Translate cyber security standards and policies into actionable guidance for non-security teams; bridge the gap between the CISO’s policy layer and day-to-day business operations.

AI Initiative Security Governance

• Own the security governance framework for Omilia’s AI product features: generative AI tools (Pathfinder, miniApps), LLM integrations, agentic execution pipelines, and voice biometric systems.
• Lead the security review process for new AI feature releases, including threat modelling, data handling assessment, and compliance gap analysis (EU AI Act, NIST AI RMF).
• Establish and maintain an AI risk register covering model input/output risks, training data provenance, inference security, and human-in-the-loop control adequacy.
• Represent Omilia in AI security discussions with enterprise customers and prospects who are subject to AI governance mandates (DORA, EU AI Act, internal AI ethics boards).

Customer-Facing Security Assurance

• Own the security questionnaire process end-to-end: triage, response, evidence pack assembly, and customer sign-off. Target: sub-5-day turnaround for standard RFPs.
• Maintain and continuously improve the master security response library, aligned to current certifications (FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, GDPR).
• Participate in contract security exhibit negotiations, advising Legal on what Omilia can operationally commit to vs. what requires escalation or commercial pushback.
• Support customer audits, penetration test disclosure requirements, and on-site/virtual security review sessions.

Internal Cyber Standard Adherence

• Drive adherence to Omilia’s internal security policies across business units: data classification, acceptable use, third-party risk, incident reporting obligations.
• Run targeted security awareness programmes for non-technical staff, with specific focus on data handling, phishing resilience, and AI tool usage policies.
• Identify and escalate systemic non-compliance patterns to the CISO; propose pragmatic remediation plans that do not block business operations.
• Maintain the internal security risk register for business-unit-owned risks (as distinct from technical/platform risks owned by Cloud Security).

Third-Party & Partner Risk

• Manage the security assessment lifecycle for new vendors, subprocessors, and integration partners, ensuring DPA and Security Exhibit obligations flow down appropriately.
• Monitor existing subprocessor security posture and flag material changes (e.g., a CCaaS partner changing their cloud provider or incident disclosures).
• Support the OEM and reseller channel on security onboarding: ensure partner-side obligations are understood and operationalised.


Requirements:
• 6+ years in information security, with at least 2 years in a BISO, security business partner, or GRC-facing role at a SaaS or technology company.
• Strong working knowledge of PCI-DSS, SOC 2, ISO 27001, HIPAA, and GDPR as they apply to a cloud service provider selling to regulated enterprise customers.
• Experience managing enterprise security questionnaires and RFP security sections at volume — ideally for deals with banks, insurers, utilities, or government buyers.
• Demonstrated ability to work across commercial, legal, and technical functions without formal authority; strong stakeholder management and influencing skills.
• Familiarity with AI governance frameworks: EU AI Act (basic awareness of high-risk classification), NIST AI RMF, or internal AI ethics/risk policies.
• Strong written communication: able to produce clear, accurate security responses for both technical and non-technical audiences.
• Professional certification: CISM, CRISC, CISA, or CISSP. ISO 27001 Lead Implementer/Auditor is a plus.

Preferred / Differentiating Experience

• Prior experience in conversational AI, CCaaS, UCaaS, or a voice/telephony SaaS platform.
• Exposure to FedRAMP-authorised environments and US federal/SLED customer security requirements.
• Background supporting DORA compliance (Digital Operational Resilience Act) for financial sector customers.
• Experience building or scaling a security evidence library / trust centre (e.g., Vanta, Drata, SecurityScorecard).
• Multilingual capability is a plus given Omilia’s international customer base (EU, US, APAC, LATAM).

What Success Looks Like (Year 1)

• Security questionnaire backlog cleared and average turnaround time below 5 business days.
• AI risk register live and reviewed quarterly, covering all production AI features.
• Internal security policy adherence programme launched across Sales, PS, and Customer Success teams.
• No material security-related deal blockers attributable to slow response or unclear position on AI security.
• At least two enterprise customer security reviews completed with documented sign-off.


Benefits:
• Fixed compensation;
• Long-term employment with working-days vacation;
• Professional development (courses, training, etc.);
• Being part of successful cutting-edge technology products that are making a global impact in the service industry;
• Proficient and fun-to-work-with colleagues;
• Apple gear.

Omilia is proud to be an equal opportunity employer and is dedicated to fostering a diverse and inclusive workplace. We believe that embracing diversity in all its forms enriches our workplace and drives our collective success. We are committed to creating an environment where everyone feels welcomed, valued, and empowered to contribute their unique perspectives. All eligible candidates will be given consideration for employment without regard to factors such as race, color, religion, gender, gender identity or expression, sexual orientation, national origin, heredity, disability, age, or veteran status.
