Cyber Security

15 Nov 2024

Vacancy expired!

This GRC Admin/Specialist position requires 10+ years of experience in developing, incorporating, and administering complex enterprise Governance, Risk, and Compliance (GRC) workflows, data, and new process integration for the Michigan Security Accreditation Process. The individual must have technical knowledge and understanding of GRC concepts, risk management frameworks, and associated statutory and regulatory requirements. This position also requires research and review of industry best practices for information security GRC processes, industry-recognized security frameworks, and familiarity with the techniques required to protect the confidentiality, integrity, and availability of sensitive information.

  • Serve as the single point of contact for the State of Michigan’s GRC tool, LockPath by Navex Global, and serve as the System Administrator for the Security Accreditation/Risk Management process.
  • Provide strategic, architectural and process support for GRC at the enterprise level to MCS/RCD as a Subject Matter Expert.
  • Troubleshoot issues, seek solutions, and provide support where needed. Ensure solutions to issues have been determined, implemented, and resolved.
  • Attend meetings with various SOM areas to gather business requirements for integrating into GRC and other enterprise processes impacting the risk management process.
  • Build and test requirements and review them with business process owners and other business parties affecting the change to the GRC tool.
  • Design and implement new functionality, workflows, processes, and/or reporting in the GRC tool including requirements gathering, configuration, and testing.
  • Communicate with Navex Global regarding GRC software issues, maintenance, and any other software violations.
  • Serve as main contact to analyze GRC issues/incidents to identify root cause. Work closely with vendor’s product support team to implement solutions where needed.
  • Ensure that adequate management, operational, and technical security controls, i.e., policies, standards, procedures, and processes, are implemented in the Michigan Security Accreditation Process and are working as intended.
  • Work with MCS Management to improve the GRC tool and associated processes.
  • Receive GRC Service Requests through the GRC tool for updates/revisions to the tool, and determine the eligibility, compatibility, and acceptability of service requests when assessing capability and change requests.
  • Develop alternate strategies and work with management and agencies impacted by the alternate strategy, considering compliance requirements, process efficiency, and system limitations, and work with DTMB agency service staff and MCS Management to discuss, design, and implement changes in the GRC tool.
  • Maintain design and integration with the results of threat, risk, and vulnerability assessments within the GRC tool and PowerBI reporting to monitor security risks.
  • Assist management with reviewing metrics on the performance of security responsibilities and create new reports based on those collected metrics across multiple Agencies utilizing the GRC tool.
  • Provide support and subject matter expertise with respect to adherence to statutory and regulatory compliance frameworks, i.e., NIST Special Publications 800 series, HIPAA, IRS Publication 1075, CMS, PCI, etc.
  • Other duties as assigned.

  • ID: #22796804
  • State: Michigan Lansing 48901 Lansing USA
  • City: Lansing
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2021-11-15
  • Deadline: 2022-01-11
  • Category: Et cetera