Cyber GRC Manager

Sirius.

Cyber GRC Manager (PV Cleared) — Canberra (On-site 5 days per week) | Permanent

Want to lead Authority to Operate (ATO) outcomes and lift cyber maturity in an environment where security actually matters? Would you like to grow a team of 4 GRC Analysts to 7 and be part of a growing workplace?

We are partnering with a highly regarded organisation in the Government & Defence sector to recruit a Cyber GRC Manager in Canberra. This is a permanent, on-site role working closely with senior cyber leadership, driving governance, risk, compliance and security authorisation across complex systems.

Why you’ll want this role

  • High-impact work: Own and lead security authorisation activities supporting Government ATO processes.
  • Leadership & influence: Report into senior cyber leadership and guide a dedicated GRC function (direct report included).
  • Maturity uplift focus: Drive implementation and continuous improvement aligned to Government security frameworks.
  • Variety: Influence greenfield initiatives and modernisation of legacy systems.
  • Growth: Strong emphasis on mentoring and self-directed learning in a small, capable cyber team.
  • Permanent opportunity: Long-term stability in a highly regulated environment.

The role (what you’ll be doing)

You’ll lead the organisation’s cyber governance, risk and compliance posture by:

  • Owning security authorisation documentation (e.g., System Security Plans, Security Risk Management Plans, Cyber Incident Response Plans) for ATO.
  • Leading implementation and uplift across frameworks/standards such as ISM, PSPF, ASD Essential Eight, NIST (and similar).
  • Running and leading cyber security risk assessments, with pragmatic risk treatment strategies.
  • Acting as a trusted SME across stakeholders with varying technical depth, including executive-level briefings.
  • Partnering with IT and delivery teams to embed security into infrastructure, projects, and enterprise applications.

What you’ll bring

  • Australian Citizenship (and eligible to maintain PV clearance requirements)
  • AGSVA Positive Vetting clearance (Current, active or recently deactivated within the past 2 months)
  • Strong experience in cyber security / GRC (typically 7+ years in cyber/GRC-focused roles)
  • Solid working knowledge of PSPF, ISM, ASD Essential Eight (and/or NIST)
  • Proven stakeholder management across a complex, regulated environment

Nice-to-haves

  • Exposure to ISO 27000 series, NIST 800 series, CIS controls, etc.

If you are a passionate, experienced GRC Analyst ready to step into a leadership role, or an experienced GRC Manager, we encourage you to apply today via the link provided!

Please note that only Canberra-based candidates with full-time work rights, or candidates already willing to relocate to Canberra, will be considered for this role, as on-site presence is a requirement of the position and no sponsorship is on offer.

Candidates from all backgrounds are welcome to apply. Please also feel free to send a CV to ***email_hidden***, our Principal IT Consultant for Data, AI and Cyber.