Programmer 3 GRC Administrator and Developer

Title: Programmer 3 - GRC Administrator and Developer

Location: Lansing MI (Hybrid Locals Only)

Duration: 12 Months

Interview Type: in-person

Job Title:

GRC Administrator and Developer

Position Summary

• This position is part of a collaborative team of information technology professionals dedicated to supporting the agencys mission and goals.
• The role focuses on maintaining and enhancing the State of Michigans Web-based Governance Risk and Compliance (GRC) tool Navex IRM (formerly Keylight). Responsibilities include administration development troubleshooting and implementing new functionality.
• The position may also involve working on new development projects testing documentation and cross-team collaboration with Michigan Cyber Security Office of Internal Audit Systems Office of the Chief Technology Officer and the Enterprise Project Management Office.

Key Responsibilities

• Serve as the primary administrator and developer for the State of Michigans GRC tool (Navex IRM).
• Collaborate closely with stakeholders to understand security and compliance requirements and design tailored automation solutions.
• Lead automation initiatives for security accreditation processes including evidence collection workflow routing and control reviews to reduce manual effort.
• Design and implement unified security controls frameworks aligned with State of Michigan Standards and integrate CJIS v6.0 IRS 1075 PCI (SAQ A SAQ A-EP) and ARC-AMPE standards.
• Develop and maintain Python API modules and automation scripts to import and update compliance controls integrate CMDB vulnerability data and audit evidence for continuous monitoring.
• Work cross-functionally with IT security and business teams to ingest structured data (JSON CSV) into the GRC tool and maintain centralized Azure Repos for source control and documentation.
• Integrate with RESTful APIs to automate data imports exports and reporting in JSON and CSV formats.
• Troubleshoot issues identify solutions and ensure timely resolution.
• Maintain and update system and project documentation (Azure repositories SharePoint).
• Communicate with Navex IRM regarding software issues maintenance and upgrades.
• Analyze GRC issues/incidents to identify root causes and work with vendor support to implement solutions.
• Participate in development activities including testing implementation and documentation.
• Perform other duties as assigned.

Required Skills and Qualifications

• Python programming experience
• Experience developing automation scripts and API integrations (RESTful APIs)
• General knowledge of database design
• Basic programming skills in Java or C#
• Familiarity with DevOps practices and Risk Management concepts
• Experience with Agile methodology (e.g. sprints)
• Strong troubleshooting and problem-solving skills
• Excellent communication and collaboration abilities

Preferred Skills

• Experience with automated testing
• Knowledge of any GRC tool (Navex IRM experience is a plus)
• Understanding of governance risk and compliance frameworks
• Experience with security frameworks such as CJIS IRS 1075 PCI ARC-AMPE

Top Skills Summary

• Python programming (primary requirement) - 2-3 years
• API integration and automation experience - 1-2 years
• Agile methodology experience - 1-2 years
• Risk Management knowledge - 1-2 years
• Database design expertise - 2-3 years
• GRC tool familiarity (preferred) - 1-2 years