Professional Training Partners
Senior Offensive Security Engineer
Location
California
Posted
73 days ago
Salary
0
Seniority
Senior
Job Description
Senior Offensive Security Engineer
Educate 360
- Reports to Offensive Security Manager
- Grow penetration testing practice
- Propose and take ownership of internal project initiatives
- Conduct debrief reviews with clients
- Lead client debrief calls for standard engagements
Job Requirements
- Have at least 3-5 years of offensive security experience, including but not limited to:
  - Web application and API penetration testing (required)
  - Mobile application penetration testing (required)
  - External penetration testing (required)
  - Internal penetration and wireless testing (required)
  - Social engineering
  - Cloud penetration testing and assessments
  - AI penetration testing
  - Red team engagements
- Hold industry-standard penetration testing certifications such as PNPT, PWPP, PWPE, PMPA, OSCP, OSWE, BSCP, or other related certifications.
- Demonstrate deep expertise in web application and API testing, and be able to perform code review assessments.
- Lead client debrief calls for standard engagements, presenting findings and answering technical questions with confidence.
- Serve as a primary point of contact for clients during active engagements, managing day-to-day communication and access coordination.
- Participate in pre-sales calls, helping scope engagements and serving as a technical SME for prospective clients.
- Contribute to report quality - providing input, review, and feedback on deliverables.
- Conduct debrief reviews with clients, and serve as a senior on debrief calls for junior members and contractors.
- Propose and take ownership of internal project initiatives.
- Participate in the hiring process, including interviewing candidates.
- Serve as a mentor to junior members on the team, as well as improve team documents, standard operating procedures, and methodologies.
- Stay current on emerging attack vectors and share knowledge across the team.
Benefits
- Competitive Paid Time Off (PTO)
- Medical, Dental, and Vision plans
- 100% company-paid Life and Disability insurance
- Generous 401(k) matching program
More Security Engineer Jobs
Business Information Security Officer
Omilia - Conversational Intelligence
Omilia is the leading provider of Natural Language Understanding enabled IVR & natural dialogue interaction solutions.
- Serve as the primary security contact for Sales, Customer Success, Legal/Contracts, Product, and Professional Services — acting as a security advisor embedded in commercial and delivery workflows.
- Attend key deal reviews, QBRs, and customer onboarding sessions to provide security context and remove blockers caused by security uncertainty.
- Translate cyber security standards and policies into actionable guidance for non-security teams; bridge the gap between the CISO’s policy layer and day-to-day business operations.
- Own the security governance framework for Omilia’s AI product features: generative AI tools (Pathfinder, miniApps), LLM integrations, agentic execution pipelines, and voice biometric systems.
- Lead the security review process for new AI feature releases, including threat modelling, data handling assessment, and compliance gap analysis (EU AI Act, NIST AI RMF).
- Establish and maintain an AI risk register covering model input/output risks, training data provenance, inference security, and human-in-the-loop control adequacy.
- Represent Omilia in AI security discussions with enterprise customers and prospects who are subject to AI governance mandates (DORA, EU AI Act, internal AI ethics boards).
- Own the security questionnaire process end-to-end: triage, response, evidence pack assembly, and customer sign-off. Target: sub-5-day turnaround for standard RFPs.
- Maintain and continuously improve the master security response library, aligned to current certifications (FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA, GDPR).
- Participate in contract security exhibit negotiations, advising Legal on what Omilia can operationally commit to vs. what requires escalation or commercial pushback.
- Support customer audits, penetration test disclosure requirements, and on-site/virtual security review sessions.
- Drive adherence to Omilia’s internal security policies across business units: data classification, acceptable use, third-party risk, incident reporting obligations.
- Run targeted security awareness programmes for non-technical staff, with specific focus on data handling, phishing resilience, and AI tool usage policies.
- Identify and escalate systemic non-compliance patterns to the CISO; propose pragmatic remediation plans that do not block business operations.
- Maintain the internal security risk register for business-unit-owned risks (as distinct from technical/platform risks owned by Cloud Security).
- Manage the security assessment lifecycle for new vendors, subprocessors, and integration partners, ensuring DPA and Security Exhibit obligations flow down appropriately.
- Monitor existing subprocessor security posture and flag material changes (e.g., a CCaaS partner changing their cloud provider or incident disclosures).
- Support the OEM and reseller channel on security onboarding: ensure partner-side obligations are understood and operationalised.
Cybersecurity Consultant
MBL Technologies Inc.
Digital Solutions, Risk Management, Compliance & Advisory, and Management Consulting
- Provides cybersecurity guidance for systems development, analysis and design, network design, and security engineering.
- Conducts cybersecurity risk assessments of networks and systems.
- Conducts cyber threat assessment activities to include research of persistent threats.
- Uses classified and unclassified information to create cybersecurity intelligence products and threat assessments for senior leaders.
- Develops information security/privacy documentation.
- Researches and participates in the selection and management of security support systems.
- Supports the development of cybersecurity policies and standard operating procedures.
- Participates in compliance and vulnerability assessments for various systems.
Consultant for Microsoft Azure, M365 Security
cubic solutions GmbH
securing businesses and ideas in a digital word
- Advising companies on planning, selecting, and implementing secure Microsoft Azure and M365 solutions — tailored to individual requirements
- Carrying out Azure migrations, security assessments, and implementing protective measures to secure cloud infrastructures and corporate data
- Developing and integrating security policies, technologies, and best practices to strengthen IT security architecture in Azure and M365 environments
- Planning and delivering training and workshops for the secure and efficient use of Microsoft cloud services
- Continuously optimizing existing Azure and M365 solutions with respect to security, performance, and usability
- Designing and implementing secure and efficient Microsoft Azure solutions for businesses
Cybersecurity Subject Matter Expert
MSM Inc.
Brand Experiences that Inspire Action - In-person + Online
- The Cybersecurity Subject Matter Expert (SME) will be responsible for leading and executing the comprehensive cybersecurity program to protect the Agency’s Enterprise Infrastructure.
- The SME will manage all aspects of security compliance, Risk Management Framework (RMF) activities, and vulnerability management to ensure systems maintain their Authority to Operate (ATO) and are compliant with all DoD and Agency policies.
- Lead all activities required to maintain current and achieve new ATOs and Authorities to Connect (ATCs) for all Agency systems.
- Perform as the System-Level Information System Security Officer (S-ISSO), managing day-to-day security operations.
- Direct the vulnerability management program by ensuring all vulnerabilities identified by tools such as ACAS and SCAP are remediated.
- Oversee and perform IAVM compliance patching, STIG compliance, and remediation for all IT assets.
- Support all internal and external security reviews, including CSSP vulnerability assessments, CORA, IG audits, and penetration testing.
- Collaborate with government and development teams on the 'System Security Package.'




