Director of Cloud Security
Omilia
Posted: March 17, 2026
Quick Summary
The Director of Cloud Security is responsible for ensuring the security posture of Omilia's cloud-based conversational AI platform, from infrastructure hardening and threat modelling to audit evidence production and customer-facing security assurance.
Job Description
Omilia operates a proprietary, end-to-end conversational AI cloud platform serving enterprise contact
centres in regulated industries including banking, utilities, and telecoms. The platform is cloud-native
on AWS, Kubernetes-orchestrated, multi-tenant and single-tenant, and holds government-grade
certifications including FedRAMP, ISO 27001, SOC 2 Type II, PCI-DSS Level 1, HIPAA, and GDPR.
The Director of Cloud Security will own the security posture of this platform end-to-end: from
infrastructure hardening and threat modelling through to audit evidence production and
customer-facing security assurance.
Key Responsibilities
Cloud Security Ownership
• Define and execute Omilia’s cloud security strategy across all deployment models: multi-tenant SaaS,
exclusive tenant, private cloud, and hybrid.
• Own the AWS security architecture including IAM, VPC design, GuardDuty, Security Hub, CloudTrail, KMS
key management, and secrets management.
• Lead infrastructure hardening programmes using golden image pipelines, CIS Benchmarks, and automated
compliance scanning.
• Ensure network segmentation, tenant data isolation, and zero-trust principles are implemented and
maintained across all environments.
Compliance & Certification Leadership
• Own the annual renewal and continuous readiness of FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS Level
1, HIPAA, and GDPR across the cloud platform.
• Drive the EU AI Act compliance programme as it applies to high-risk AI system classifications relevant to
Omilia’s deployments in regulated sectors.
• Produce and maintain the security control evidence pack used in enterprise customer due diligence, RFP
responses, and regulatory audits.
• Act as primary technical liaison with external auditors, QSAs, and penetration testing firms.
AI & Data Security
• Define data security controls for voice data processing pipelines, including real-time PCI redaction, voice
biometric data storage, and training data anonymisation.
• Assess security implications of LLM and generative AI integrations (Pathfinder, miniApps, RAG pipelines)
and establish guardrails for model input/output security.
• Own the subprocessor security assessment programme and ensure DPA/Security Exhibit obligations are
met across the third-party supply chain.
Security Engineering & Operations
• Lead vulnerability management: SAST/DAST integration in CI/CD, container image scanning, CVE triage,
patch SLAs.
• Own incident response for cloud-tier events: detection, containment, eradication, recovery, and post-incident
review.
• Define and operate security monitoring and SIEM coverage for the OCP platform, ensuring audit logs are
immutable, queryable, and exportable.
• Collaborate with engineering on secure SDLC practices, threat modelling for new features, and security
review gates in the release process.
Stakeholder Engagement
• Support Sales and Customer Success in enterprise security questionnaires, customer security reviews, and
contract security exhibit negotiations.
• Represent cloud security posture to the CISO, CTO, and executive team; translate technical risk into
business impact language.
• Engage with CCaaS platform partners (NICE, Five9, Genesys, RingCentral) on integration security
requirements and shared responsibility boundaries.
Requirements:
• 8+ years in information/cloud security, with at least 4 years in a senior individual contributor or leadership
role.
• Deep hands-on AWS security expertise: well-versed in AWS security services, architecture patterns, and
shared responsibility model.
• Demonstrated experience leading or co-leading at least one FedRAMP authorisation (ATO process) or
equivalent high-assurance compliance programme.
• Strong working knowledge of PCI-DSS, SOC 2, ISO 27001, HIPAA, and GDPR as they apply to SaaS/cloud
service providers — not just as customer obligations.
• Experience with Kubernetes security (pod security policies/admission controllers, network policies, secrets
management, runtime security).
• Proven ability to produce board-quality security reporting and present to enterprise customers and auditors.
• Professional certification: CISSP, CCSP, AWS Security Specialty, or equivalent. CISA is a plus.
Preferred / Differentiating Experience
• Prior experience in a conversational AI, CCaaS, or voice/telephony platform company.
• Familiarity with EU AI Act requirements, NIST AI RMF, or AI-specific security governance frameworks.
• Experience securing LLM inference pipelines, RAG architectures, or real-time audio processing workloads.
• Background working with BPO/enterprise contact centre customers with high compliance scrutiny (banking,
government, utilities).
• Exposure to FedRAMP High or IL4/IL5 environments.
Benefits:
• Fixed compensation;
• Long-term employment with the working days vacation;
• Professional development (courses, training, etc.);
• Being part of successful cutting-edge technology products that are making a global impact in the service industry;
• Proficient and fun-to-work-with colleagues;
• Apple gear
Apply Now to join Omilia and help engineer the future of conversational AI.
Omilia is proud to be an equal opportunity employer and is dedicated to fostering a diverse and inclusive workplace. We believe that embracing diversity in all its forms enriches our workplace and drives our collective success. We are committed to creating an environment where everyone feels welcomed, valued, and empowered to contribute their unique perspectives. All eligible candidates will be given consideration for employment without regard to factors such as race, color, religion, gender, gender identity or expression, sexual orientation, national origin, heredity, disability, age, or veteran status.