GRC Lead / Cyber Risk Manager

About the Organization: CyberLinx Solutions LLC is a full‑service Information Technology solution provider. We offer services in cloud‑based technologies, virtualization, system security implementation, vulnerability assessments, penetration testing, project management, system engineering, system development, hardware, software, system administration, technical writing, and help desk support. CyberLinx Solutions LLC is seeking a forward‑thinking Cybersecurity GRC Lead / Cyber Risk Manager responsible for leading the organization’s cybersecurity governance, risk, and compliance (GRC) program. This role oversees enterprise risk assessments, regulatory compliance, policy development, and security control implementation aligned to industry frameworks such as NIST CSF and NIST RMF. Key Responsibilities Lead and manage the enterprise GRC program, including policies, standards, and procedures. Serve as the primary advisor on cybersecurity risk and compliance matters. Align cybersecurity strategy with business objectives and regulatory requirements. Provide executive‑level reporting on risk posture, compliance status, and remediation efforts. Conduct enterprise and system‑level cybersecurity risk assessments. Develop and maintain risk registers aligned to NIST SP 800‑53 and NIST SP 800‑171. Define risk tolerance, scoring methodologies, and mitigation strategies. Perform gap assessments and maturity evaluations using NIST CSF. Ensure compliance with federal, state, and industry regulations for NIST RMF and FISMA as applicable. Lead audit readiness efforts and coordinate internal/external audits. Develop Plans of Action & Milestones (POA&M) and track remediation activities. Maintain documentation supporting Authority to Operate (ATO) processes. Oversee implementation and validation of security controls. Map controls across frameworks (NIST CSF, NIST 800‑53, ISO 27001). Collaborate with technical teams to ensure control effectiveness. Evaluate vendor and third‑party cybersecurity risks. Conduct security assessments and due diligence reviews. Ensure contractual security and compliance requirements are met. Required Qualifications Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field. 8+ years of experience in cybersecurity, with at least 3–5 years in GRC or risk management leadership roles. Strong knowledge of NIST Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), NIST SP 800‑53 / 800‑171. Experience supporting audits, compliance programs, and regulatory frameworks. Proven ability to lead cross‑functional teams and communicate with executive leadership. Required Certifications Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC). Preferred Certifications Certified Information Systems Auditor (CISA). Certified in Governance of Enterprise IT (CGEIT). ISO/IEC 27001 Lead Implementer or Lead Auditor. CompTIA Security+ (for DoD 8570/8140 compliance environments). Preferred Skills Experience with GRC tools (e.g., Archer, ServiceNow GRC). Strong understanding of risk quantification methodologies. Experience with public sector or regulated environments. Ability to translate technical risk into business impact. Excellent written and verbal communication skills. Work Environment May support on‑site, hybrid, or remote engagements. May require participation in audits, executive briefings, and stakeholder meetings. Occasional travel may be required based on client or contract needs. Employment Type: Full‑Time Location: Washington, DC EOE Statement: We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. This position is currently accepting applications. #J-18808-Ljbffr Cyberlinx-Solutions-LLC