Security Compliance Lead Location: Ottawa/Toronto, On-Site Reports to: Head of Security The role In this role, you'll lead our CPCSC certification program from the ground up — owning the controls register, evidence collection, and assessor relationship to drive us through Level 1 and Level 2 audit readiness. Beyond certification, you'll build out third-party risk assessments, manage the Controlled Goods Program and export-control obligations, oversee security flow-downs on federal/defence contracts, and run the company's security awareness training and policy governance. What you'll own CPCSC & the controls program (the first big rock) Run the ITSP.10.171 controls program day to day: controls register, control owners, evidence collection, gap remediation, and audit readiness. Partner with the Head of Security to drive certification — Level 1, then Level 2 — and keep us there once we land it. Own the assessor relationship and the audit cycle end to end. Third-party & supply-chain risk Stand up and run third-party risk assessments: vendor/supplier security due diligence, scoring, the risk register, and ongoing monitoring. Push security requirement flow-downs to suppliers, subcontractors, and teaming partners, and verify they hold. Controlled Goods & export controls Own the Controlled Goods Program: registration, the security plan, Designated Official / Authorized Individual structure, visitor and access controls, and ongoing reporting. Handle export-control obligations (EIPA, ITAR/EAR adjacency) as they come into scope. Government & defence contract security Manage security flow-downs and contractual security obligations on federal and defence work. Run personnel security and clearance administration, and own how controlled and classified information is handled across the company. Security awareness & training Build and run the security awareness program — role-based training, secure onboarding/offboarding — and track completion as control evidence. Policy & governance Own the security policy suite (acceptable use, access/identity, logging, endpoint/workstation, and the rest), keep it mapped to controls, and turn tribal knowledge into a maintained, assessor-defensible body of work. Note on legal: this role handles the security requirements inside contracts (flow-downs, clearance/CG obligations, controlled-info terms). Commercial, corporate, and IP legal sits with Legal / outside counsel — you partner with them, you don't carry it. First 6–12 months (what good looks like) A credible, evidenced path to CPCSC certification underway — controls program owned, mapped, and audit-ready. A working third-party risk process: vendors assessed, scored, and tracked, with flow-downs enforced on new agreements. Controlled Goods and clearance/onboarding baked into how we operate, with clean controlled-information handling. A real, maintained policy suite and security handbook where today there's tribal knowledge. A live security awareness/training program with evidence to back it. Must-haves Hands-on building or running a security compliance program — CPCSC, CMMC, ISO 27001, NIST SP 800-171, controlled goods, or a directly comparable regulatory/security regime. Fluency in a controls framework (ITSP.10.171, NIST SP 800-171/CMMC, or ISO 27001) — you can read a control, design evidence for it, and defend it to an assessor. Third-party / supply-chain risk experience. Builder's temperament: you'd rather stand up the function than inherit a mature one, and you're fine with ambiguity. No defence background required.

We've hired people who didn't tick every box. If this is the work you want to do, please apply anyway. Why Join Us Building something meaningful starts with the right people. At Dominion Dynamics, you’ll: Shape Canada’s future by building real defence capability for the CAF and our allies. Make decisions that ship in a high-trust environment with short feedback loops and rapid iteration. Move fast, field faster, and work directly with the operator — our systems are in the field with the CAF now. Have an impact from day one with equity, responsibility, and direct access to leadership. If you’re curious, hands-on, and driven by the opportunity to make a difference, this is where you belong! Compensation & Benefits Competitive base salary and company equity Comprehensive health benefits Additional equity granted based on impact

We use AI tools to support parts of the hiring process, including screening and reviewing responses. Final hiring decisions are always made by people and follow all applicable privacy and employment laws in Canada.