GRC Administrator and Developer

Job Title: GRC Administrator and Developer

Location: Lansing MI (48933)

Duration: 1 year with possible extension (Hybrid)

Top Skills & Years of Experience:

Python programming (primary requirement) 2-3 years

API integration and automation experience 1-2 years

Agile methodology experience 1-2 years

Risk Management knowledge 1-2 years

Database design expertise 2-3 years

GRC tool familiarity (preferred) 1-2 years

Position Summary

This position is part of a collaborative team of information technology professionals dedicated

to supporting the agencys mission and goals. The role focuses on maintaining and enhancing

the State of Michigans Web-based Governance Risk and Compliance (GRC) tool Navex IRM

(formerly Keylight). Responsibilities include administration development troubleshooting and

implementing new functionality. The position may also involve working on new development

projects testing documentation and cross-team collaboration with Michigan Cyber Security

Office of Internal Audit Systems Office of the Chief Technology Officer and the Enterprise

Project Management Office.

Key Responsibilities

Serve as the primary administrator and developer for the State of Michigans GRC tool

(Navex IRM).

Collaborate closely with stakeholders to understand security and compliance requirements

and design tailored automation solutions.

Lead automation initiatives for security accreditation processes including evidence

collection workflow routing and control reviews to reduce manual effort.

Design and implement unified security controls frameworks aligned with State of Michigan

Standards and integrate CJIS v6.0 IRS 1075 PCI (SAQ A SAQ A-EP) and ARC-AMPE

standards.

Develop and maintain Python API modules and automation scripts to import and update

compliance controls integrate CMDB vulnerability data and audit evidence for continuous

monitoring.

Work cross-functionally with IT security and business teams to ingest structured data

(JSON CSV) into the GRC tool and maintain centralized Azure Repos for source control and

documentation.

Integrate with RESTful APIs to automate data imports exports and reporting in JSON and

CSV formats.

Troubleshoot issues identify solutions and ensure timely resolution.

Maintain and update system and project documentation (Azure repositories SharePoint).

Communicate with Navex IRM regarding software issues maintenance and upgrades.

Analyze GRC issues/incidents to identify root causes and work with vendor support to

implement solutions.

Participate in development activities including testing implementation and

documentation.

Perform other duties as assigned.

Required Skills and Qualifications

Python programming experience

Experience developing automation scripts and API integrations (RESTful APIs)

General knowledge of database design

Basic programming skills in Java or C#

Familiarity with DevOps practices and Risk Management concepts

Experience with Agile methodology (e.g. sprints)

Strong troubleshooting and problem-solving skills

Excellent communication and collaboration abilities

Preferred Skills

Experience with automated testing

Knowledge of any GRC tool (Navex IRM experience is a plus)

Understanding of governance risk and compliance frameworks

Experience with security frameworks such as CJIS IRS 1075 PCI ARC-AMPE

Top Skills Summary

Python programming (primary requirement) 2-3 years

API integration and automation experience 1-2 years

Agile methodology experience 1-2 years

Risk Management knowledge 1-2 years

Database design expertise 2-3 years

GRC tool familiarity (preferred) 1-2 years