Job ID: MI-97720 (99290116)10A
Cybersecurity Specialist with Governance, Risk, Compliance, data, new process integration, requirements gathering, configuration and testing experience.
Location: Lansing, MI (DTMB-MCS)
Duration: 12 months
Positions: 1 (1/1)
Top Skills & Years of Experience:
– 10 years in developing, incorporating, and administering complex enterprise Governance, Risk, and Compliance (GRC) workflows, data, new process integration for the Michigan Security Accreditation Process.
– Building and testing requirements and reviewing them with business process owners and other business parties affecting the change to the GRC tool.
– Design and implement new functionality, workflows, processes, and/or reporting in the GRC tool including requirements gathering, configuration, and testing.
This GRC Admin/Specialist position requires 10+ years in developing, incorporating, and
administering complex enterprise Governance, Risk, and Compliance (GRC) workflows, data, and
new process integration for the Michigan Security Accreditation Process.
The individual must have technical knowledge and understanding of GRC concepts and risk
management frameworks and associated statutory and regulatory requirements.
This position also requires research and review of industry best practices for information
security GRC processes, industry recognized security frameworks, and familiarity with the
techniques required to protect the confidentiality, integrity, and availability of sensitive
information.
• Serve as the single point of contact for the State of Michigan’s GRC tool, LockPath by
Navex Global and serve as the System Administrator for Security Accreditation/Risk
Management process.
• Provide strategic, architectural and process support for GRC at the enterprise
level to MCS/RCD as a Subject Matter Expert.
• Troubleshoot issues, seek solutions, and provide support where needed. Ensure
solutions to issues have been determined, implemented, and resolved.
• Attend meetings with various SOM areas to gather business requirements for integrating
into GRC and other enterprise processes impacting the risk management process.
• Build and test requirements and review them with business process owners and
other business parties affecting the change to the GRC tool.
• Design and implement new functionality, workflows, processes, and/or reporting
in the GRC tool including requirements gathering, configuration, and testing.
• Communicate with Navex Global regarding GRC software issues, maintenance,
and any other software violations.
• Serve as main contact to analyze GRC issues/incidents to identify root cause. Work
closely with vendor’s product support team to implement solutions where needed.
• Ensure that adequate management, operational, and technical security controls (i.e.,
policies, standards, procedures, and processes) are implemented in the Michigan
Security Accreditation Process and are working as intended.
• Work with MCS Management to improve the GRC tool and associated processes.
• Receive GRC Service Requests through the GRC tool for updates/revisions to the
tool, and determine the eligibility, compatibility and acceptability of service requests
when assessing capability and change requests.
• Maintain design and integration with the results of threat, risk, and vulnerability
assessments within the GRC tool and PowerBI reporting to monitor security risks.
• Assist management in reviewing metrics on the performance of security
responsibilities and create new reports based on those collected metrics across
multiple Agencies utilizing the GRC tool.
• Provide support and subject matter expertise with respect to adherence to statutory
and regulatory compliance frameworks (i.e., NIST Special Publications 800 series,
HIPAA, IRS Publication 1075, CMS, PCI, etc.).
• Other duties as assigned.