Cybersecurity GRC Manager

Tyto Athene, LLC•Washington, DC

1d•$160,000 - $170,000

About The Position

Tyto Athene is searching for a Cybersecurity GRC Manager to lead our ISSO team’s compliance and risk management function. This is a critical mid-level leadership role responsible for maintaining posture but architecting a cultural shift within our security delivery pipeline. The ideal candidate excels at stabilizing programs, and can lead a cultural reset across teams, processes, technologies, and client relationships. The GRC Manager will serve as the principal architect of our compliance, risk, and governance ecosystem, responsible for restoring discipline, transparency, and delivery excellence across all federal engagements. This role has full authority to establish a culture of accountability and trust. You will be the face of GRC to federal clients, auditors, and internal leadership.

Requirements

8+ years of experience in Federal GRC, with deep mastery of NIST SP 800-53, NIST 800-37 (RMF), and FedRAMP.
Extensive experience leading team turnarounds and developing standard operating procedures (SOPs) in a high-growth environment.
Mastery in developing authorization packages, including SSPs, SARs, and POA&Ms.
Strong communication skills with federal clients, auditors, and executives.
Ability to operate with urgency, clarity, and authority in high‑pressure environments
CISM, CISA, CGRC certifications
Experience utilizing GRC platforms (ServiceNow, etc.)
Must possess an active Public Trust clearance.

Nice To Haves

Experience implementing automation within GRC tools to reduce manual audit prep and increase efficiency (StackArmor, Splunk, etc.)
Deep understanding of cloud architectures (AWS, Azure, or GCP) within regulated GovCloud environments.
CISSP, PMP, CRISC certifications

Responsibilities

Lead a complete modernization of existing GRC processes; identify process gaps, eliminate inefficiencies, and implement quality standards for all deliverables.
Assess current capabilities, restructure roles, identify required resources, and establish a high‑performance culture.
Act as the primary interface for federal stakeholders, including ISSOs, Systems Owners (SOs) and Authorizing Officials (AOs), to enhance confidence in our ability to manage the system authorization lifecycle.
Direct all aspects of the NIST Risk Management Framework (RMF) from categorization and control selection to continuous monitoring ensuring 100% compliance with FIPS 199 H/M/L and FedRAMP standards. Possesses technical acumen and process familiarity to effectively perform ISSO tasks as needed.
Manage the full audit lifecycle, including remediating legacy findings and leading interactions with Third-Party Assessors.
Hire, mentor, and oversee a team of GRC analysts, fostering a culture of accountability and deep technical competence.
Align GRC activities with product development lifecycles, ensuring security is "built-in" and not "bolted-on".
Deliver concise, actionable risk and compliance insights to senior leadership.