Role: GRC Administrator and Developer
Location: Lansing, MI (Hybrid – 2 days onsite - Mondays and Tuesdays required)
Duration: 1 year with possible extension
Interview Process: In-person interviews (bringing laptops, headsets, etc. to the interview is not permitted). Candidates MUST be available for an in-person interview.
References are required for this position. Please include a separate attachment with your submission that includes 2-3 professional references. Each reference should include the name, email, phone number, and their position title/company name.
Required Skills and Qualifications
Python programming experience
Experience developing automation scripts and API integrations (RESTful APIs)
General knowledge of database design
Basic programming skills in Java or C#
Familiarity with DevOps practices and Risk Management concepts
Experience with Agile methodology (e.g., sprints)
Strong troubleshooting and problem-solving skills
Excellent communication and collaboration abilities
Preferred Skills
Experience with automated testing
Knowledge of any GRC tool (Navex IRM experience is a plus)
Understanding of governance, risk, and compliance frameworks
Experience with security frameworks such as CJIS, IRS 1075, PCI, ARC-AMPE
Top Skills Summary
Python programming (primary requirement) – 2-3+ years
API integration and automation experience – 1-2+ years
Agile methodology experience – 1-2+ years
Risk Management knowledge – 1-2+ years
Database design expertise – 2-3+ years
GRC tool familiarity (preferred) – 1-2+ years
Responsibilities
Serve as the primary administrator and developer for the State of Michigan’s GRC tool (Navex IRM).
Collaborate closely with stakeholders to understand security and compliance requirements and design tailored automation solutions.
Lead automation initiatives for security accreditation processes, including evidence collection, workflow routing, and control reviews to reduce manual effort.
Design and implement unified security controls frameworks aligned with State of Michigan Standards and integrate CJIS v6.0, IRS 1075, PCI (SAQ A, SAQ A-EP), and ARC-AMPE standards.
Develop and maintain Python API modules and automation scripts to import and update compliance controls, integrate CMDB, vulnerability data, and audit evidence for continuous monitoring.
Work cross-functionally with IT, security, and business teams to ingest structured data (JSON, CSV) into the GRC tool and maintain centralized Azure Repos for source control and documentation.
Integrate with RESTful APIs to automate data imports, exports, and reporting in JSON and CSV formats.
Troubleshoot issues, identify solutions, and ensure timely resolution.
Maintain and update system and project documentation (Azure repositories, SharePoint).
Communicate with Navex IRM regarding software issues, maintenance, and upgrades.
Analyze GRC issues/incidents to identify root causes and work with vendor support to implement solutions.
Participate in development activities, including testing, implementation, and documentation.
Perform other duties as assigned.
Never miss an opportunity! Create an alert based on the job you applied for.
