Cybersecurity GRC Manager

Tyto Athene is searching for a Cybersecurity GRC Manager to lead our ISSO team’s compliance and risk management function. This is a critical mid-level leadership role responsible for maintaining posture but architecting a cultural shift within our security delivery pipeline. The ideal candidate excels at stabilizing programs, and can lead a cultural reset across teams, processes, technologies, and client relationships.

The GRC Manager will serve as the principal architect of our compliance, risk, and governance ecosystem, responsible for restoring discipline, transparency, and delivery excellence across all federal engagements.

This role has full authority to establish a culture of accountability and trust. You will be the face of GRC to federal clients, auditors, and internal leadership.

• →Organizational Transformation: Lead a complete modernization of existing GRC processes; identify process gaps, eliminate inefficiencies, and implement quality standards for all deliverables.
• →Team Leadership: Assess current capabilities, restructure roles, identify required resources, and establish a high‑performance culture.
• →Client Trust: Act as the primary interface for federal stakeholders, including ISSOs, Systems Owners (SOs) and Authorizing Officials (AOs), to enhance confidence in our ability to manage the system authorization lifecycle.
• →End-to-End Service Delivery: Direct all aspects of the NIST Risk Management Framework (RMF) from categorization and control selection to continuous monitoring ensuring 100% compliance with FIPS 199 H/M/L and FedRAMP standards. Possesses technical acumen and process familiarity to effectively perform ISSO tasks as needed.
• →Audit Lifecycle Management: Manage the full audit lifecycle, including remediating legacy findings and leading interactions with Third-Party Assessors.
• →Team Rebuilding & Mentorship: Hire, mentor, and oversee a team of GRC analysts, fostering a culture of accountability and deep technical competence.
• →Integrated Risk Management: Align GRC activities with product development lifecycles, ensuring security is "built-in" and not "bolted-on".
• →Executive Reporting: Deliver concise, actionable risk and compliance insights to senior leadership.

• Federal Expertise: 8+ years of experience in Federal GRC, with deep mastery of NIST SP 800-53, NIST 800-37 (RMF), and FedRAMP.
• Proven Leadership: Extensive experience leading team turnarounds and developing standard operating procedures (SOPs) in a high-growth environment.
• Technical Writing: Mastery in developing authorization packages, including SSPs, SARs, and POA&Ms.
• Strong communication skills with federal clients, auditors, and executives.
• Ability to operate with urgency, clarity, and authority in high‑pressure environments
• Certifications: CISM, CISA, CGRC
• Experience utilizing GRC platforms (ServiceNow, etc.)

• Experience implementing automation within GRC tools to reduce manual audit prep and increase efficiency (StackArmor, Splunk, etc.)
• Deep understanding of cloud architectures (AWS, Azure, or GCP) within regulated GovCloud environments.
• Certifications: CISSP, PMP, CRISC

• Must possess an active Public Trust clearance.