• Design, implement, and maintain security gates within CI/CD pipelines • Explore and deploy AI-powered security tools to enhance vulnerability detection and automate triage • Conduct regular internal penetration tests on web, mobile, and AI-based applications • Coordinate with external security firms for third-party audits and manage the end-to-end remediation process • Conduct security reviews and threat modeling specifically for AI-driven features • Lead threat modeling sessions with architects and developers to identify potential attack vectors • Perform regular security assessments, triage findings, and coordinate with engineering teams to prioritize remediation • Establish guidelines and best practices for the secure use of AI coding assistants • Conduct manual and automated deep-dive code reviews • Act as a security consultant for product teams, providing guidance on OWASP Top 10 and secure coding standards • Periodically monitor high-level availability and performance dashboards

• Develop and implement GRC Strategy: Create, author, develop and implement a comprehensive GRC strategy, which includes policies, procedures, and security requirements that aligns with industry best practices and regulatory requirements. • Deploy, maintain and continuously develop a proprietary control framework that is consistent with the organization’s compliance requirements and needs. • Support in conducting risk and control assessments, and identify, evaluate, and prioritize potential threats and vulnerabilities. • Author and conceptualize original risk mitigation plans and corrective actions to address risks effectively. • Collaborate with Product teams to ensure "Compliance-by-Design," providing requirements and highlighting security risks during the discovery phase of new features and improvements. • Ensure Regulatory and Industry Standards Compliance: Stay abreast of relevant laws, regulations, security frameworks and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2,...), and work towards ensuring the organization’s compliance with them. • Promote awareness of applicable laws and regulations towards employees and upper management. • Conduct regular audits and assessments to monitor compliance and identify areas of improvement. • Be an active participant in third party audits, including leading them to support IT Security needs. • Support Business Processes: Perform deep-dive analysis and author technical responses for security questionnaires, translating complex internal security controls into customized client-facing documentation. • Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers. • Participate in clients meetings to address cybersecurity concerns and requirements, Conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations. • Building and maintaining a Security Trust Center or similar customer-facing resources. • Provide Strategic Guidance: Become one of the main points of contact for senior management on GRC matters, and create strategic advisory materials/models detailing the impact of GRC initiatives on business decisions. • Develop and maintain strong relationships with key stakeholders across the organization. • Ensure Functional Supervision Provide expert guidance and alignment for the GRC team; act as the technical mentor and "quality gatekeeper" for key deliverables, including security awareness program and third-party risk assessments. • Deliver IT Security Reporting: Develop, support and maintain key performance indicators (KPI) for the Security function. Gather, analyze and report on security metrics and compliance status. Prepare and design customized presentations and reports to senior management on the status of the IT Security program, including key risks, threats, and vulnerabilities. • Implement AI-Powered GRC Operations: Lead the practical adoption of Generative AI tools (LLMs, AI Agents) to automate evidence collection, draft security policies, and summarize regulatory changes, significantly increasing team efficiency.

Provide expert advice on data protection, manage inbound queries, support compliance activities, and draft information sharing arrangements to ensure effective information governance and risk management across the organization.

Title: Director, Industrial Security Location: Remote, CAN Job Description: Job Title: Director, Industrial Security Job Location: Remote, CAN Job Code: 35839 Job Schedule: Day Shift Compensation Range: Between $173,500 - $243,500 CDN annually We are seeking an experienced, self-starting and adaptable security specialist to oversee and coordinate security efforts across Canada, including convergence with information technology, human resources, communications, legal, facilities management and other functional and support organizations. Develop, mentor and guide security representatives to maintain a cost-effective program to meet and exceed all customer requirements to include, Canadian Government and Corporate policies and directives as applicable. This role will act as the Corporate Company Security Officer (CCSO) for the group and divisions, under Industrial Security Policy for all L3Harris business units in Canada. Senior L3Harris point of contact for Government Relations with PWGSC Industrial Security; classified/protected contracts, domestic/international About you: To be successful in this role and to best leverage the opportunities provided by L3Harris, some skills & experience ideal applicants will bring include; - Experience in a Senior Security position within a defense or government organization involving classified programs - Oversight and implementation of Industrial Security Regulations, Controlled Goods Program, ITAR, and regulatory frameworks - Strong crisis management, risk assessment, and stakeholder engagement skills - Information Security experience and membership of Government / Industry Associations is highly desirable. - Must also have experience in working with but not limited to: Foreign Government information, emergency management, policy development, counterintelligence and investigations, and risk analysis - Highly developed policy development and implementation capabilities - Successful history in similarly fast-paced and complex technical environments - Self-starting, inquisitive, highly driven individuals, with good business acumen and an eye for practical outcomes, are best suited to the performance profile of this role. - Availability to travel. Domestic and international travel may be required (10-15%). Qualifications: - Bachelor’s Degree with a minimum of 15 years of security related experience in Government or industry and five years of management experience involving classified programs. Graduate Degree with a minimum of 13 years of prior related experience. In lieu of a degree, minimum of 19 years of prior related experience. Government security specific qualifications within security, risk management and personnel security management are also highly desired. - Experience in Government and/or industrial security programs as a Chief Security Officer (CSO), Associate CSO, and COMSEC Custodian. - Comprehensive and practical understanding of the Industrial Security Regulations, Controlled Goods Program, ITAR and regulatory frameworks. - This position also requires access to and experience with the various Canadian intelligence agencies, and other provincial, state, and local security, investigative, and law enforcement. Preferred Additional Skills: - Familiarity with global defense prime contractors - Qualifications in Security, Risk, Cybersecurity, or Defense Studies - Experience integrating physical security strategies - The candidate must also possess strong communications skills, written, verbal and interpersonal. Eligibility Criteria: - Must be eligible for registration with the Controlled Goods Program; - Must be eligible to obtain and maintain a government of Canada Secret Level 2/NATO Secret security clearance; - Must be eligible to meet the requirements for U.S. International Traffic in Arms Regulations (ITAR). L3Harris is proud to be an equal opportunity employer and is committed to treating all of its employees and job applicants with respect and dignity and to maintaining a workplace free from discrimination. Anyone applying for a position will be considered without regard to the following: race, national or ethnic origin, colour, religion, age, nationality, ancestry, ethnicity, gender, sex, sexual orientation, gender identity or expression, marital status, family status, genetic characteristics, disability, citizenship status, or conviction for an offence for which a pardon has been granted or in respect of which a record suspension has been ordered, or any other characteristic that is protected by applicable human rights legislation. L3Harris maintains a drug-free workplace and conducts pre-employment drug and alcohol testing and background checks, in accordance with applicable law. Such results are only accessible and viewed by individuals at L3Harris who have direct responsibility in the hiring process. If you fail to report for a drug and alcohol test, refuse to undergo such test or test positive for the presence of drugs or alcohol, the hiring process may be concluded or your offer of employment may be rescinded, in L3Harris’ sole discretion.