Security Compliance Lead
Location: Ottawa/Toronto, On-Site
Reports to: Head of Security
In this role, you'll lead our CPCSC certification program from the ground up — owning the controls register, evidence collection, and assessor relationship to drive us through Level 1 and Level 2 audit readiness. Beyond certification, you'll build out third-party risk assessments, manage the Controlled Goods Program and export-control obligations, oversee security flow-downs on federal/defence contracts, and run the company's security awareness training and policy governance.
Own the ITSP.10.171 controls program day to day — controls register, control owners, evidence collection, gap remediation, and audit readiness.
Drive CPCSC certification through Level 1 and Level 2 with the Head of Security; own the assessor relationship and audit cycle end to end.
Build and run third-party risk assessments — vendor and supplier due diligence, scoring, and ongoing monitoring; enforce security flow-downs on supplier agreements.
Own the Controlled Goods Program: registration, security plan, Designated Official and Authorized Individual structure, visitor controls, and ongoing reporting.
Handle export-control obligations (EIPA, ITAR/EAR adjacency) as they come into scope.
Manage security flow-downs and contractual obligations on federal and defence contracts; run personnel security and clearance administration.
Build and run the security awareness and training program — role-based training, secure onboarding and offboarding — and track completion as control evidence.
Own the security policy suite, keep it mapped to controls, and turn tribal knowledge into a maintained, assessor-defensible governance body.
Note on legal: this role handles the security requirements inside contracts (flow-downs, clearance/CG obligations, controlled-info terms). Commercial, corporate, and IP legal sits with Legal / outside counsel — you partner with them; you don't carry it.
A credible, evidenced path to CPCSC certification underway — controls program owned, mapped, and audit-ready.
A working third-party risk process: vendors assessed, scored, and tracked, with flow-downs enforced on new agreements.
Controlled Goods and clearance/onboarding baked into how we operate, with clean controlled-information handling.
A real, maintained policy suite and security handbook where today there's tribal knowledge.
A live security awareness/training program with evidence to back it.
Hands-on experience building or running a security compliance program against a recognized framework — CPCSC, CMMC, ISO 27001, NIST SP 800-171, Controlled Goods, or comparable.
Fluency in at least one controls framework (ITSP.10.171, NIST SP 800-171/CMMC, or ISO 27001): can map controls, design evidence, and defend findings to an assessor.
Third-party and supply-chain risk management experience.
Builder's mindset — comfortable standing up a function from scratch, with ambiguity as the starting condition.
No defence background required.
We've hired people who didn't tick every box. If this is the work you want to do, please apply anyway.
Building something meaningful starts with the right people. At Dominion Dynamics, you’ll:
Shape Canada’s future by building real defence capability for the CAF and our allies.
Make decisions that ship in a high-trust environment with short feedback loops and rapid iteration.
Move fast, field faster, and work directly with the operator — our systems are in the field with the CAF now.
Have an impact from day one with equity, responsibility, and direct access to leadership.
If you’re curious, hands-on, and driven by the opportunity to make a difference, this is where you belong!
Competitive base salary and company equity
Comprehensive health benefits
Additional equity granted based on impact
We use AI tools to support parts of the hiring process, including screening and reviewing responses. Final hiring decisions are always made by people and follow all applicable privacy and employment laws in Canada.