The Principal Security Technical Analyst - Governance, Risk, and Compliance (GRC) role requires strong technical expertise, exceptional customer service, and excellent communication and writing skills. The Principal is recognized as a leader and subject matter expert within and beyond their immediate function and is highly proficient at gathering critical information, distinguishing key details, and making sound decisions. This role requires a solid understanding of technology, governance, risk, controls, compliance practices, modern cybersecurity challenges, asset management lifecycles, and data management. The position also supports the Manager and Senior Principal in developing roadmaps, standards, and strategic initiatives.
This role operates within the Security GRC Risk organization, focusing on evaluating and enhancing technology risk controls across critical platforms and services. The analyst supports effectiveness reviews in collaboration with engineering and operations teams to assess how documented approaches align with actual technical practices. Over time, this position will expand into broader technical risk and assurance functions, helping identify control gaps, validate remediation efforts, and strengthen overall risk transparency.
Essential Duties and Responsibilities
- Develops and maintains visual dashboards; produces high-quality reports and documentation; ensures accuracy, clarity, and succinctness; and reviews or approves work from less-senior team members. Provides recommendations to Senior Principals and management.
- Assumes ownership in analyzing and implementing operational, regulatory, business, and legal requirements. Identifies and assesses complex, ambiguous, or conflicting business process and technology issues, advising department managers on development, enhancement, and maintenance activities.
- Researches and advocates for new or emerging technologies, architectures, and enterprise products; may collaborate with Supply Chain to provide subject-matter expertise during contract evaluations.
- Ensures timely completion of deliverables; represents the team in meetings and review boards; and serves as a backup to the Manager and other team leaders. Supports daily operations by validating objectives and KPIs, taking corrective action as needed, and partnering with technical and business teams to meet goals.
- May directly oversee one or more areas including controls, risk mitigation and management, compliance, audit support, and hardware/software/OT asset management operations with guidance from the Manager or Senior Principal. May occasionally present high-impact exceptions to Company senior vice presidents.
- Translates technical standards into language understood by non-technical stakeholders; clearly articulates gaps and recommended actions; ensures standards and policies are well-written, accurate, and accessible; and monitors adherence, addressing compliance issues when needed.
- Leads or participates in team initiatives such as annual planning, continuous improvement efforts, waste elimination activities, and operational reviews. Actively maintains internal processes, owning gap analysis and remediation. Adheres to the Company's quality systems and methodologies.
- Performs other duties as assigned or required.
- Contributes as a primary resource on the IT & Security Governance, Risk, and Compliance Team, working independently with Company stakeholders and keeping leadership appropriately informed. May interact with vendors, publishers, governmental agencies, and external organizations.
- Engages with, leads, and mentors other staff, ensuring backup coverage and contingency planning for critical work. Provides guidance to less-senior staff through one-on-one mentoring, training sessions, and constructive feedback.
- Applies subject-matter expertise to develop solutions for current and emerging work, demonstrating strong situational awareness and clear decision-making. Regularly meets with stakeholders to address questions, document decisions, and ensure execution of action items. Maintains a proactive and professional demeanor in all interactions.
Knowledge/Skills/Abilities
- Advanced understanding of IT and cybersecurity concepts, with the ability to explain how technologies, systems, and configurations influence risk exposure and mitigation strategies.
- Excellent communication, interpersonal, and active-listening skills, capable of translating risk implications for both technical and non-technical audiences and supporting informed decision-making.
- Strong comprehension of technology tools, data management practices, and core technical concepts.
- Demonstrated ability to work independently with strong organizational and time-management skills. Effectively collaborates with leadership, product owners, and key stakeholders to set program direction.
- Applies strategic thinking to identify, evaluate, and prioritize technology and cybersecurity risks, aligning mitigation activities with organizational objectives.
- Skilled in optimizing data management processes and producing reports that support data-driven decision-making.
- Exhibits excellent teamwork and embodies the values of humility, initiative, and people-centered collaboration.
Education/Experience
- Bachelor's Degree in computer science, information systems, or a related field, and seven (7) or more years of combined IT or security experience, including 4-7 years in governance, risk, compliance, and/or technology controls, asset management programs, or data management/validation.
- [OR] Associate's Degree in computer science, information systems, or a related field, and nine (9) or more years of combined IT or security experience, including 4-7 years in governance, risk, compliance, and/or technology controls, asset management programs, or data management/validation.
- [OR] High School Diploma and eleven (11) or more years of combined IT or security experience, including 4-7 years in governance, risk, compliance, and/or technology controls, asset management programs, or data management/validation.
Consumers Energy
1 Energy Plz
Jackson
Michigan United States
www.consumersenergy.com
