GRC Administrator and Developer
Full-time, Part-time, Contract, Third Party
Contract
17 hours ago
Key skills
PythonJavaC#CAzureRESTfulSource ControlAgileProject ManagementRisk ManagementCommunicationCollaboration
About this role
Need local to Michigan
Job Description
Job Title:
GRC Administrator and Developer
Position Summary
This position is part of a collaborative team of information technology
professionals dedicated to supporting the agency s mission and goals.
The role focuses on maintaining and enhancing the State of Michigan s
Web-based Governance, Risk, and Compliance (GRC) tool, Navex IRM
(formerly Keylight). Responsibilities include administration,
development, troubleshooting, and implementing new functionality. The
position may also involve working on new development projects, testing,
documentation, and cross-team collaboration with Michigan Cyber
Security, Office of Internal Audit Systems, Office of the Chief
Technology Officer, and the Enterprise Project Management Office.
Key Responsibilities
- Serve as the primary administrator and developer for the State of
Michigan s GRC tool (Navex IRM).
- Collaborate closely with stakeholders to understand security and
compliance requirements and design tailored automation solutions.
- Lead automation initiatives for security accreditation processes,
including evidence collection, workflow routing, and control reviews
to reduce manual effort.
- Design and implement unified security controls frameworks aligned
with State of Michigan Standards and integrate CJIS v6.0, IRS 1075,
PCI (SAQ A, SAQ A-EP), and ARC-AMPE standards.
- Develop and maintain Python API modules and automation scripts to
import and update compliance controls, integrate CMDB, vulnerability
data, and audit evidence for continuous monitoring.
- Work cross-functionally with IT, security, and business teams to
ingest structured data (JSON, CSV) into the GRC tool and maintain
centralized Azure Repos for source control and documentation.
- Integrate with RESTful APIs to automate data imports, exports, and
reporting in JSON and CSV formats.
- Troubleshoot issues, identify solutions, and ensure timely
resolution.
- Maintain and update system and project documentation (Azure
repositories, SharePoint).
- Communicate with Navex IRM regarding software issues, maintenance,
and upgrades.
- Analyze GRC issues/incidents to identify root causes and work with
vendor support to implement solutions.
- Participate in development activities, including testing,
implementation, and documentation.
- Perform other duties as assigned.
Required Skills and Qualifications
- Python programming experience
- Experience developing automation scripts and API integrations
(RESTful APIs)
- General knowledge of database design
- Basic programming skills in Java or C#
- Familiarity with DevOps practices and Risk Management concepts
- Experience with Agile methodology (e.g., sprints)
- Strong troubleshooting and problem-solving skills
- Excellent communication and collaboration abilities
Preferred Skills
- Experience with automated testing
- Knowledge of any GRC tool (Navex IRM experience is a plus)
- Understanding of governance, risk, and compliance frameworks
- Experience with security frameworks such as CJIS, IRS 1075, PCI,
ARC-AMPE
Top Skills Summary
- Python programming (primary requirement) - 2-3+ years
- API integration and automation experience - 1-2+ years
- Agile methodology experience - 1-2+ years
- Risk Management knowledge - 1-2+ years
- Database design expertise - 2-3+ years
- GRC tool familiarity (preferred) - 1-2+ years