Security Compliance Lead
Security Compliance Lead
Location:
Ottawa/Toronto, On‑Site
Reports to:
Head of Security
In this role, you'll lead our CPCSC certification program from the ground up — owning the controls register, evidence collection, and assessor relationship to drive us through Level1 and Level2 audit readiness. Beyond certification, you'll build out third‑party risk assessments, manage the Controlled Goods Program and export‑control obligations, oversee security flow‑downs on federal/defence contracts, and run the company's security awareness training and policy governance.
WhatYou'll Own
- Own the ITSP.
10.171 controls program day to day — controls register, control owners, evidence collection, gap remediation, and audit readiness. - Drive CPCSC certification through Level1 and Level2 with the Head of Security; own the assessor relationship and audit cycle end to end.
- Build and run third‑party risk assessments — vendor and supplier due diligence, scoring, and ongoing monitoring; enforce security flow‑downs on supplier agreements.
- Own the Controlled Goods Program: registration, security plan, Designated Official and Authorized Individual structure, visitor controls, and ongoing reporting.
- Handle export‑control obligations (EIPA, ITAR/EAR adjacency) as they come into scope.
- Manage security flow‑downs and contractual obligations on federal and defence contracts; run personnel security and clearance administration.
- Build and run the security awareness and training program — role‑based training, secure onboarding and off‑boarding — and track completion as control evidence.
- Own the security policy suite, keep it mapped to controls, and turn tribal knowledge into a maintained, assessor‑defensible governance body.
Note on legal: this role handles the security requirements inside contracts (flow‑downs, clearance/CG obligations, controlled‑info terms). Commercial, corporate, and IP legal sits with Legal/outside counsel — you partner with them, you don’t carry it.
First 6–12 Months- A credible, evidenced path to CPCSC certification underway — controls program owned, mapped, and audit‑ready.
- A working third‑party risk process: vendors assessed, scored, and tracked, with flow‑downs enforced on new agreements.
- Controlled Goods and clearance/onboarding baked into how we operate, with clean controlled‑information handling.
- A real, maintained policy suite and security handbook where today there’s tribal knowledge.
- A live security awareness/training program with evidence to back it.
- Hands‑on experience building or running a security compliance program against a recognized framework — CPCSC, CMMC, ISO
27001, NISTSP
800‑171, Controlled Goods, or comparable. - Fluency in at least one controls framework (ITSP.
10.171, NISTSP
800‑171/CMMC, or ISO
27001): can map controls, design evidence, and defend findings to an assessor. - Third‑party and supply‑chain risk management experience.
- Builder's mindset — comfortable standing up a function from scratch, with ambiguity as the starting condition.
- No defence background required.
We’ve hired people who didn’t tick every box. If this is the work you want to do, please apply anyway.
Why Join UsBuilding something meaningful starts with the right people. At Dominion Dynamics, you’ll:
- Shape Canada’s future by building real defence capability for the CAF and our allies.
- Make decisions that ship in a high‑trust environment with short feedback loops and rapid iteration.
- Move fast, field faster, and work directly with the operator — our systems are in the field with the CAF now.
- Have an impact from day one with equity, responsibility, and direct access to leadership.
- Competitive base salary and company equity
- Comprehensive health benefits
- Additional equity granted based on impact
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: