Cyber GRC Manager (PV Cleared) — Canberra (On-site 5 days per week) | Permanent Want to lead Authority to Operate (ATO) outcomes and lift cyber maturity in an environment where security actually matters ? Would you like to grow a team of 4 GRC Analysts to 7 and be part of a growing workplace? We are partnering with a highly regarded organisation in the Government & Defence sector to recruit a Cyber GRC Manager in Canberra. This is a permanent, on-site role working closely with senior cyber leadership, driving governance, risk, compliance and security authorisation across complex systems. Why you’ll want this role High-impact work: Own and lead security authorisation activities supporting Government ATO processes. Leadership & influence: Report into senior cyber leadership and guide a dedicated GRC function (direct report included). Maturity uplift focus: Drive implementation and continuous improvement aligned to Government security frameworks. Variety: Influence greenfield initiatives and modernisation of legacy systems. Growth: Strong emphasis on mentoring and self-directed learning in a small, capable cyber team. Permanent opportunity: Long-term stability in a highly regulated environment. The role (what you’ll be doing) You’ll lead the organisation’s cyber governance, risk and compliance posture by: Owning security authorisation documentation (e.g., System Security Plans, Security Risk Management Plans, Cyber Incident Response Plans) for ATO. Leading implementation and uplift across frameworks/standards such as ISM, PSPF, ASD Essential Eight, NIST (and similar). Running and leading cyber security risk assessments, with pragmatic risk treatment strategies. Acting as a trusted SME across stakeholders with varying technical depth, including executive-level briefings. Partnering with IT and delivery teams to embed security into infrastructure, projects, and enterprise applications. What you’ll bring Australian Citizenship (and eligible to maintain PV clearance requirements) AGSVA Positive Vetting clearance (Current, active or recently deactivated within the past 2 months) Strong experience in cyber security / GRC (typically 7 years in cyber/GRC-focused roles) Solid working knowledge of PSPF, ISM, ASD Essential Eight (and/or NIST) Proven stakeholder management across a complex, regulated environment Nice-to-haves Exposure to ISO 27000 series, NIST 800 series, CIS controls, etc. If you are a passionate experienced GRC Analyst looking to be a leader or an experienced GRC Manager, we encourage you to apply today via the link provided! Please note Canberra-based candidates with full time work rights or people already willing to relocate only will be considered for this role as it is a requirement for this position and no sponsorship is on offer. Candidates from all backgrounds are welcome to apply too. Please feel free to also send a CV to kgonzalez@siriustechnology.com.au, our Principal IT Consultant for Data, AI and Cyber, thanks.