• Support the InfoSec GRC Lead in operating and improving the organization’s governance, risk, and compliance program • Review client MSAs and related security requirements • Support internal and client audits • Drive risk and exception management workflows • Support supplier/third-party security reviews • Maintain documentation and evidence for ISO/IEC 27001 & ISO/IEC 42001 • Support continual improvement activities • Extract and document security requirements from client MSAs • Identify gaps and risks; coordinate with Legal and Privacy teams • Collect evidence for audit requests; ensure traceability between requirements, controls, and evidence • Maintain risk registers and support exception workflows • Assess third-party security submissions; track supplier risk ratings and remediation actions • Map regulatory requirements (HIPAA, GDPR, APPI) to internal controls • Produce operational reports on audit status/risk metrics • Contribute to process improvements

• Reports to Offensive Security Manager • Grow penetration testing practice • Propose and take ownership of internal project initiatives • Conduct debrief reviews with clients • Lead client debrief calls for standard engagements

• Serve as the primary security contact for Sales, Customer Success, Legal/Contracts, Product, and Professional Services — acting as a security advisor embedded in commercial and delivery workflows. • Attend key deal reviews, QBRs, and customer onboarding sessions to provide security context and remove blockers caused by security uncertainty. • Translate cyber security standards and policies into actionable guidance for non-security teams; bridge the gap between the CISO’s policy layer and day-to-day business operations. • Own the security governance framework for Omilia’s AI product features: generative AI tools (Pathfinder, miniApps), LLM integrations, agentic execution pipelines, and voice biometric systems. • Lead the security review process for new AI feature releases, including threat modelling, data handling assessment, and compliance gap analysis (EU AI Act, NIST AI RMF). • Establish and maintain an AI risk register covering model input/output risks, training data provenance, inference security, and human-in-the-loop control adequacy. • Represent Omilia in AI security discussions with enterprise customers and prospects who are subject to AI governance mandates (DORA, EU AI Act, internal AI ethics boards). • Own the security questionnaire process end-to-end: triage, response, evidence pack assembly, and customer sign-off. Target: sub-5-day turnaround for standard RFPs. • Maintain and continuously improve the master security response library, aligned to current certifications (FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, GDPR). • Participate in contract security exhibit negotiations, advising Legal on what Omilia can operationally commit to vs. what requires escalation or commercial pushback. • Support customer audits, penetration test disclosure requirements, and on-site/virtual security review sessions. • Drive adherence to Omilia’s internal security policies across business units: data classification, acceptable use, third-party risk, incident reporting obligations. • Run targeted security awareness programmes for non-technical staff, with specific focus on data handling, phishing resilience, and AI tool usage policies. • Identify and escalate systemic non-compliance patterns to the CISO; propose pragmatic remediation plans that do not block business operations. • Maintain the internal security risk register for business-unit-owned risks (as distinct from technical/platform risks owned by Cloud Security). • Manage the security assessment lifecycle for new vendors, subprocessors, and integration partners, ensuring DPA and Security Exhibit obligations flow down appropriately. • Monitor existing subprocessor security posture and flag material changes (e.g., a CCaaS partner changing their cloud provider or incident disclosures). • Support the OEM and reseller channel on security onboarding: ensure partner-side obligations are understood and operationalised.

• Provides cybersecurity guidance for systems development, analysis and design, network design, and security engineering. • Conducts cybersecurity risk assessments of networks and systems. • Conducts cyber threat assessment activities to include research of persistent threats. • Uses classified and unclassified information to create cybersecurity intelligence products and threat assessments for senior leaders. • Develops information security/privacy documentation. • Researches and participates in the selection and management of security support systems. • Supports the development of cybersecurity policies and standard operating procedures. • Participates in compliance and vulnerability assessments for various systems.