Business Information Security Officer

OmiliaCanada2 hours ago

Full-timeOther

Track This Job

Add this job to your tracking list to:

Monitor application status and updates
Change status (Applied, Interview, Offer, etc.)
Add personal notes and comments
Set reminders for follow-ups
Track your entire application journey

Save This Job

Add this job to your saved collection to:

Access easily from your saved jobs dashboard
Review job details later without searching again
Compare with other saved opportunities
Keep a collection of interesting positions
Receive notifications about saved jobs before they expire

AI-Powered Job Summary

Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.

Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.

Omilia's growth trajectory — enterprise contracts with major banks, utilities, telecoms, and government agencies, combined with an expanding AI product surface — is generating security obligations faster than a centralised security team can absorb. The BISO is the security function's embedded representative within the business units: translating cyber standards into operational practice, unblocking commercial initiatives that are stalled on security reviews, and ensuring that Omilia's customer-facing commitments (contractual security exhibits, DPAs, SLAs) are operationally delivered. This role is specifically created to address the growing volume of AI-related security initiatives, customer due diligence requests, and internal cyber standard adoption challenges that currently constrain the business.

Key Responsibilities

Business Unit Security Partnership

Serve as the primary security contact for Sales, Customer Success, Legal/Contracts, Product, and Professional Services — acting as a security advisor embedded in commercial and delivery workflows
Attend key deal reviews, QBRs, and customer onboarding sessions to provide security context and remove blockers caused by security uncertainty
Translate cyber security standards and policies into actionable guidance for non-security teams; bridge the gap between the CISO's policy layer and day-to-day business operations

AI Initiative Security Governance

Own the security governance framework for Omilia's AI product features: generative AI tools (Pathfinder, miniApps), LLM integrations, agentic execution pipelines, and voice biometric systems
Lead the security review process for new AI feature releases, including threat modelling, data handling assessment, and compliance gap analysis (EU AI Act, NIST AI RMF)
Establish and maintain an AI risk register covering model input/output risks, training data provenance, inference security, and human-in-the-loop control adequacy
Represent Omilia in AI security discussions with enterprise customers and prospects who are subject to AI governance mandates (DORA, EU AI Act, internal AI ethics boards)

Customer-Facing Security Assurance

Own the security questionnaire process end-to-end: triage, response, evidence pack assembly, and customer sign-off. Target: sub-5-day turnaround for standard RFPs
Maintain and continuously improve the master security response library, aligned to current certifications (FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, GDPR)
Participate in contract security exhibit negotiations, advising Legal on what Omilia can operationally commit to vs. what requires escalation or commercial pushback
Support customer audits, penetration test disclosure requirements, and on-site/virtual security review sessions

Internal Cyber Standard Adherence

Drive adherence to Omilia's internal security policies across business units: data classification, acceptable use, third-party risk, incident reporting obligations
Run targeted security awareness programmes for non-technical staff, with specific focus on data handling, phishing resilience, and AI tool usage policies
Identify and escalate systemic non-compliance patterns to the CISO; propose pragmatic remediation plans that do not block business operations
Maintain the internal security risk register for business-unit-owned risks (as distinct from technical/platform risks owned by Cloud Security)

Third-Party & Partner Risk

Manage the security assessment lifecycle for new vendors, subprocessors, and integration partners, ensuring DPA and Security Exhibit obligations flow down appropriately
Monitor existing subprocessor security posture and flag material changes (e.g., a CCaaS partner changing their cloud provider or incident disclosures)
Support the OEM and reseller channel on security onboarding: ensure partner-side obligations are understood and operationalised

Requirements

6+ years in information security, with at least 2 years in a BISO, security business partner, or GRC-facing role at a SaaS or technology company
Strong working knowledge of PCI-DSS, SOC 2, ISO 27001, HIPAA, and GDPR as they apply to a cloud service provider selling to regulated enterprise customers
Experience managing enterprise security questionnaires and RFP security sections at volume — ideally for deals with banks, insurers, utilities, or government buyers
Demonstrated ability to work across commercial, legal, and technical functions without formal authority; strong stakeholder management and influencing skills
Familiarity with AI governance frameworks: EU AI Act (basic awareness of high-risk classification), NIST AI RMF, or internal AI ethics/risk policies
Strong written communication: able to produce clear, accurate security responses for both technical and non-technical audiences
Professional certification: CISM, CRISC, CISA, or CISSP. ISO 27001 Lead Implementer/Auditor is a plus

Preferred / Differentiating Experience

Prior experience in conversational AI, CCaaS, UCaaS, or a voice/telephony SaaS platform
Exposure to FedRAMP-authorised environments and US federal/SLED customer security requirements
Background supporting DORA compliance (Digital Operational Resilience Act) for financial sector customers
Experience building or scaling a security evidence library / trust centre (e.g., Vanta, Drata, SecurityScorecard)
Multilingual capability is a plus given Omilia's international customer base (EU, US, APAC, LATAM)

What Success Looks Like (Year 1)

Security questionnaire backlog cleared and average turnaround time below 5 business days
AI risk register live and reviewed quarterly, covering all production AI features
Internal security policy adherence programme launched across Sales, PS, and Customer Success teams
No material security-related deal blockers attributable to slow response or unclear position on AI security
At least two enterprise customer security reviews completed with documented sign-off

Benefits

Fixed compensation;
Long-term employment with the working days vacation;
Development in professional growth (courses, training, etc);
Being part of successful cutting-edge technology products that are making a global impact in the service industry;
Proficient and fun-to-work-with colleagues;
Apple gear

Omilia is proud to be an equal opportunity employer and is dedicated to fostering a diverse and inclusive workplace. We believe that embracing diversity in all its forms enriches our workplace and drives our collective success. We are committed to creating an environment where everyone feels welcomed, valued, and empowered to contribute their unique perspectives without regard to factors such as race, color, religion, gender, gender identity or expression, sexual orientation, national origin, heredity, disability, age, or veteran status, all eligible candidates will be given consideration for employment.

Key Skills

Ranked by relevance

Ready to apply?

Join Omilia and take your career to the next level!

Application takes less than 5 minutes

Apply