Job Description:
Honeywell is hiring for a General Counsel, Cyber Security & Government Contracts to lead the cybersecurity/government contracts legal practice across the Honeywell Technologies business. This role is the enterprise's principal legal advisor on cybersecurity risk, product security, government contracts, incident response, and security regulatory compliance, providing strategic counsel across business segments and corporate functions.

The position carries both strategic and operational weight: shaping enterprise policy while managing day-to-day legal risk where a single compliance failure can trigger regulatory enforcement, loss of customer trust, or disruption to business operations. The role partners closely with the CISO, CTO, engineering, IT, product security, and commercial teams to embed legal and compliance considerations into product development, incident response, and business operations, and advises on U.S. government contract regulations (FAR/DFARS/DPAS/domestic sourcing requirements), contract negotiations, risk management, and compliance.

This position operates at an executive level in the Law Department with significant influence on legal and business strategy and has a Government Contracts Analyst reporting to it.

You will report directly to our VP & GC Data Privacy, with a matrix report to the VP & GC Regulatory and Legal Transformation, and you'll work out of our Charlotte, NC location on a hybrid work schedule.

Why This Role Matters
Cybersecurity threats and data governance obligations are growing in complexity and consequence across Honeywell Technologies' global operations. From coordinated vulnerability disclosure and product security to SEC cyber incident reporting, this role ensures Honeywell meets its legal obligations while enabling the business to operate at speed. It also protects revenue and mission-critical customer relationships by ensuring compliant performance under FAR/DFARS and related government contract requirements, reducing the risk of audits, claims, bid protests, or loss of eligibility to compete.

Key Responsibilities:
Cybersecurity Legal
  • Serve as a standing member of the Cybersecurity Incident Response Team, coordinating legal risk management, privilege strategy, regulatory assessment, and communications during cyber incidents.
  • Advise the CISO and cybersecurity team on legal requirements for incident detection, response, notification, and remediation, including mandatory reporting timelines under federal, state, and international breach notification laws.
  • Counsel on secure product development, coordinated vulnerability disclosure (PSIRT), and regulatory readiness across the product lifecycle, including compliance with the EU Cyber Resilience Act (CRA) and NIS2 Directive.
  • Partner with GRC on maintaining Honeywell's information security management system, policies, certifications, and customer-facing assurances in light of legal and contractual obligations, including ISO 27001, SOC 2, and technical and organizational measures incorporated into data processing agreements.
  • Structure and negotiate information security terms in agreements with customers, suppliers, and commercial partners, and support security terms, due diligence, and integrations in M&A.
  • Monitor and interpret emerging cybersecurity and legislation affecting government contracting at the federal, state, and international level.
  • Own the legal dimensions of CMMC, NIST SP 800-171/800-53 compliance, and DFARS 252.204-7012 obligations for controlled unclassified information (CUI).

Government Contracts Legal

  • Advise business and legal stakeholders on U.S. government contract compliance, including FAR, DFARS, DPAS, domestic preference requirements (including BAA, TAA, BABA, FTA BA), and related government contracting obligations.
  • Develop, maintain, and enhance government contract compliance policies, procedures, tools, and guidance to support the compliance program, business operations, and risk management.
  • Monitor and assess regulatory developments, including FAR/DFARS updates, proposed DFARS rules, FASCSA prohibitions, and other emerging U.S. government compliance requirements.
  • Lead legal oversight of government contract compliance, including supplier/product screening (e.g., domestic preference, FASCSA, NDAA 889) and approval of representations, certifications, and contract requirements.
  • Drive enterprise compliance processes and governance, including automation (e.g., iValua), KPI/KRI reporting, audits and site risk assessments, SAM.gov/CAGE maintenance, and continuous improvement initiatives.
  • Serve as a strategic legal partner by delivering training and guidance, supporting investigations and remediation, and coordinating with cross‑functional stakeholders and outside counsel to advance compliance strategy.

Critical Skills:
  • Established expertise in cybersecurity law and government contracts law with demonstrated ability to influence senior leadership.
  • Deep working knowledge of NIST SP 800-171/800-53, CMMC, DFARS 252.204-7012 and related safeguarding requirements, SEC cybersecurity disclosure rules, NIS2, the EU Cyber Resilience Act, and the EU Data Act.
  • Proficiency partnering with technical teams on security architecture, vulnerability management, incident response, and product security.
  • Incident response and regulatory engagement experience, including breach notifications, investigations, and interactions with regulators globally.
  • Deep knowledge of FAR, DFARS, DPAS, domestic preference requirements (BAA, TAA, BABA, FTA BA), reps/certs, and related U.S. government contracting obligations.
  • Strong ability to counsel business, sourcing, export, cybersecurity, audit, and legal stakeholders on government contracts compliance requirements and drive practical implementation of FAR, DFARS, DPAS, domestic preference, reps/certs, and related obligations.
  • Experience developing and enhancing government contracts compliance policies, procedures, tools, controls, and training programs to support regulatory implementation, strengthen compliance infrastructure, and improve organizational readiness.
  • Strong contracting and drafting capability for cybersecurity and government contracts, including prime contracts, subcontracts, teaming agreements, security addenda, audit rights, and flow-down clauses.
  • Working knowledge of government contractor compliance and audit frameworks (e.g., ethics and mandatory disclosure considerations, investigations, Inspector General inquiries, and DCAA/DCMA touchpoints).
  • Practical understanding of cost allowability and pricing concepts common in federal contracting (e.g., allowability/allocability/reasonableness principles).
  • Excellent judgment, prioritization, and stakeholder management in fast-moving, cross-functional environments (legal, compliance, security, engineering, supply chain, and commercial teams).

Qualifications:
You must have:
  • 10+ years of relevant legal experience, including significant experience advising on cybersecurity and government contracts matters.
  • J.D. (or equivalent) and admitted to practice law in a jurisdiction in the United States.
  • Demonstrated ability to synthesize complex issues quickly and communicate clearly to technical and non-technical audiences.
  • Proven subject matter expertise in cybersecurity and government contracts law management.

We value:
  • Prior in-house legal experience in regulated or industrial sectors.
  • Prior government experience (e.g., DOJ, FTC, SEC, DOD, Commerce Department, CISA).
  • Experience with global cybersecurity and government contracts regulatory regimes, including the EU Data Act, NIS2, CRA, the FAR, the DFARS, DPAS, domestic preference requirements (BAA, TAA, BABA, FTA BA), CMMC, and GDPR.
  • Experience in crisis management, including ransomware attacks and coordinated incident response.
  • Investigation, litigation, and regulatory compliance experience (e.g., sanctions, export controls, government contracts).
  • Strong, independent leadership and the ability to set strategic direction and execute in a matrixed organization.