GRC Administrator & Developer

Mode of work: Hybrid Mode of Interview: In-Person Location: Lansing, Michigan Job Titl e:GRC Administrator and Develop erPosition Summa ryThis position is part of a collaborative team of information technology professionals dedicated to supporting the agency’s mission and goals. The role focuses on maintaining and enhancing the State of Michigan’s Web-based Governance, Risk, and Compliance (GRC) tool, Navex IRM (formerly Keylight). Responsibilities include administration, development, troubleshooting, and implementing new functionality. The position may also involve working on new development projects, testing, documentation, and cross-team collaboration with Michigan Cyber Security, Office of Internal Audit Systems, Office of the Chief Technology Officer, and the Enterprise Project Management Offic e.Key Responsibiliti • esServe as the primary administrator and developer for the State of Michigan’s GRC tool (Navex IRM • ).Collaborate closely with stakeholders to understand security and compliance requirements and design tailored automation solution • s.Lead automation initiatives for security accreditation processes, including evidence collection, workflow routing, and control reviews to reduce manual effor • t.Design and implement unified security controls frameworks aligned with State of Michigan Standards and integrate CJIS v6.0, IRS 1075, PCI (SAQ A, SAQ A-EP), and ARC-AMPE standard • s.Develop and maintain Python API modules and automation scripts to import and update compliance controls, integrate CMDB, vulnerability data, and audit evidence for continuous monitorin • g.Work cross-functionally with IT, security, and business teams to ingest structured data (JSON, CSV) into the GRC tool and maintain centralized Azure Repos for source control and documentatio • n.Integrate with RESTful APIs to automate data imports, exports, and reporting in JSON and CSV format • s.Troubleshoot issues, identify solutions, and ensure timely resolutio • n.Maintain and update system and project documentation (Azure repositories, SharePoint • ).Communicate with Navex IRM regarding software issues, maintenance, and upgrade • s.Analyze GRC issues/incidents to identify root causes and work with vendor support to implement solution • s.Participate in development activities, including testing, implementation, and documentatio • n.Perform other duties as assigne d.Required Skills and Qualificatio • nsPython programming experien • ceExperience developing automation scripts and API integrations (RESTful API • s)General knowledge of database desi • gnBasic programming skills in Java or • C#Familiarity with DevOps practices and Risk Management concep • tsExperience with Agile methodology (e.g., sprint • s)Strong troubleshooting and problem-solving skil • lsExcellent communication and collaboration abiliti esPreferred Skil • lsExperience with automated testi • ngKnowledge of any GRC tool (Navex IRM experience is a plu • s)Understanding of governance, risk, and compliance framewor • ksExperience with security frameworks such as CJIS, IRS 1075, PCI, ARC-AM PETop Skills Summa • ryPython programming (primary requirement) – 2-3+ yea • rsAPI integration and automation experience – 1-2+ yea • rsAgile methodology experience – 1-2+ yea • rsRisk Management knowledge – 1-2+ yea • rsDatabase design expertise – 2-3+ yea • rsGRC tool familiarity (preferred) – 1-2+ yea rs