GRC Manager (TSPV Cleared)
Sirius.
Cyber GRC Manager | Canberra
About the Opportunity
Are you a highly skilled Cyber GRC professional looking to make a significant impact in an enterprise security environment? Would you like to grow a team of 4 GRC Analysts to 7 and be part of a growing workplace?
We are seeking a Cyber GRC Manager to lead information system authorisation activities within a highly secure environment in Canberra.
In this pivotal role, you will lead the implementation, monitoring, and continuous improvement of security controls, ensuring alignment with Australian Government frameworks to drive maturity uplift and informed risk management.
- Location: Canberra
- Clearance Requirement: Active AGSVA Positive Vetting (PV) clearance
- Reporting Line: Reports to the Deputy CISO
- Direct Reports: Cyber GRC Lead
Key Responsibilities
As the Cyber GRC Manager, you will lead a small, dedicated team to deliver robust security outcomes across the organisation:
- Security Authorisation: Lead the development, delivery, submission, and maintenance of crucial security authorisation documentation (including System Security Plans, Security Risk Management Plans, and Cyber Incident Response Plans) to support Government ATO processes.
- Framework Implementation: Drive the implementation of key security standards, including the ISM, ASD Essential 8, and NIST frameworks.
- Strategic Risk Assessments: Lead comprehensive cyber security risk assessments to identify vulnerabilities, develop mitigation policies, and collaborate with business teams to secure stakeholder approval.
- SME Advisory: Provide expert cyber security advice for greenfield projects, infrastructure design, upgrades, and the modernisation of legacy enterprise applications.
- Executive Briefings: Support the CISO and Deputy CISO in achieving technical objectives and assisting with briefing the Executive team on critical security matters.
- Defensive Alignment: Assist the team in defending networks from cyber threat actors within a complex technical ecosystem.
What We Are Looking For
To be successful in this position, you will need a strong background in federal government compliance and a proven track record of managing GRC functions:
- Security Clearance: An active AGSVA Positive Vetting (PV) clearance is mandatory, alongside Australian Citizenship.
- Experience: A minimum of 7 years of experience working as a Cyber Security or GRC Analyst, ideally within an enterprise security environment.
- Regulated Environments: Proven experience working within heavily regulated sectors such as federal government, telecommunications, or energy.
- Framework Expertise: Deep operational knowledge of the Protective Security Policy Framework (PSPF), Information Security Manual (ISM), ASD Essential 8, and NIST standards.
- Communication Skills: Exceptional communication skills with the ability to translate complex technical risks into clear business terms for stakeholders of varying seniority.
- Desirable Qualifications: Relevant certifications or experience with the ISO27000 series, NIST 800 series, or CIS frameworks are highly regarded.
The Environment & Challenges
This role offers an excellent opportunity for personal career growth through both mentoring and self-directed learning. You will thrive here if you enjoy:
- Managing competing priorities and timelines within a fast-paced, complex operating environment.
- Building effective automation solutions to streamline GRC workflows.
- Cultivating strong working relationships across internal teams (IT Operations, Cyber Security, Business Change) and external Government agencies.
Additional Information
- Pre-employment screening, including medical, psychometric, and/or skills testing, may be required.
- Canberra based or candidate willing to live in Canberra only
- Positive vetting required.
If you are a passionate experienced GRC Analyst looking to be a leader or an experienced GRC Manager, we encourage you to apply today via the link provided! Please note Canberra-based candidates with full time work rights or people already willing to relocate only will be considered for this role as it is a requirement for this position and no sponsorship is on offer.
Candidates from all backgrounds are welcome to apply too. Please feel free to also send a CV to ***email_hidden***, our Principal IT Consultant for Data, AI and Cyber, thanks.