Zahid Kamil

GRC Automation Engineer

State of Michigan

Lansing, MI

Available for: consulting, open-source, freelance, collaboration

About Me

I originally became interested in GRC because it brings together several areas I enjoy learning about—security, compliance, programming, cloud technology, and now AI. I've always liked understanding how systems work and figuring out ways to automate or improve them. GRC turned out to be a space where those interests overlap, especially when building tools that make compliance processes easier for technical teams.

I currently work with the State of Michigan supporting governance, risk, and compliance (GRC) initiatives, where I help improve and automate the state's security accreditation and risk management processes. My work is more technical than traditional GRC and focuses on building automation inside our IRM platform (NAVEX). Using Python and APIs, I integrate vulnerability data, CMDB information, and other system evidence to support continuous monitoring and reduce manual compliance work.

One area I worked on was automating parts of the state's security accreditation workflow. By building scripts and integrations that automate evidence collection, control reviews, and workflow routing, we were able to significantly reduce manual effort. I also converted State of Michigan policies, standards, and procedures into structured control statements by parsing policy PDFs and mapping them into a unified controls framework aligned with NIST concepts and multiple standards including CJIS v6.0, IRS 1075, PCI SAQ A / A-EP, ARC-AMPE, and NACHA.

Looking ahead, I'm interested in how automation and AI can continue improving governance and compliance work. There is a lot of potential to reduce manual processes by using better integrations, data pipelines, and intelligent tooling to map policies to controls and identify gaps more quickly. I enjoy working in a space where I'm constantly learning new technologies and applying them to real security and compliance problems.

Experience Highlights

  • Automated the State of Michigan's security accreditation process, reducing manual compliance effort by approximately 60% through workflow routing and evidence collection automation.
  • Developed Python scripts and API integrations to ingest vulnerability data, CMDB records, and audit evidence into the GRC platform for continuous monitoring.
  • Converted State of Michigan policies, standards, and procedures into structured control statements by parsing policy PDFs and mapping requirements into actionable controls.
  • Designed a unified security controls framework aligned with NIST concepts and integrating CJIS v6.0, IRS 1075, PCI SAQ A / SAQ A-EP, ARC-AMPE, and NACHA requirements.
  • Configured and enhanced the NAVEX IRM platform to support risk assessments, control reviews, and compliance reporting across multiple agencies.
  • Integrated REST APIs to automate data imports, exports, and reporting using structured formats such as JSON and CSV.
  • Collaborated with security teams, system owners, and business stakeholders to translate regulatory and policy requirements into automated compliance processes.
  • Established centralized source control using Azure Repos to manage automation scripts, documentation, and development workflows.
  • Worked with structured datasets and security tooling to support continuous monitoring and reduce reliance on manual compliance tracking.

Get in Touch

Feel free to reach out if you want to discuss security compliance or anything GRC-related.

Specializations

Cloud Security, Compliance Automation, Risk Management, Security Governance

Languages & Tools

Bash, JavaScript, PowerShell, Python, SQL, Terraform

Frameworks

CJIS, CMS ARC-AMPE, IRS Pub 1075, NIST 800-53

Certifications

Security+, AWS Solutions Architect (SAA-C03), AWS Cloud Practitioner (CLF-C02), Microsoft Azure (AZ-900)

Projects

ComplyZombie

A full-stack compliance automation project that combines Python-based AWS security scanning with a React/TypeScript dashboard for real-time visibility into cloud security posture. The backend consists of AWS Lambda functions written in Python that automatically scan IAM, S3, EC2, and CloudTrail resources against multiple compliance frameworks (SOC 2, ISO 27001, NIST CSF, PCI-DSS, HIPAA), then store structured JSON reports in S3. The frontend dashboard, built with React, TypeScript, Vite, and Tailwind CSS, fetches those reports and presents compliance scores, critical findings grouped by severity, and per-framework breakdowns — with live data from S3 or mock fallback for development. This project reflects my GRC engineering philosophy: treating compliance as code, automating what would otherwise be manual audit work, and making security posture immediately visible to both technical and non-technical stakeholders.
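To make the "compliance as code" pattern described above concrete, here is an added example (written for this page, not ComplyZombie's own code) of the scanning side: a set of checks over an AWS-style resource inventory, each check tagged with the frameworks it supports, rolled up into the kind of structured JSON report a dashboard would consume. The inventory, check IDs, severities, framework mappings and function names are all constructed for illustration; in a real Lambda the inventory would come from boto3 calls and the report would be written to S3.

```python
import json
from dataclasses import dataclass, asdict
from typing import Callable

# Constructed inventory standing in for (simplified) AWS API responses. Not real data.
INVENTORY = {
    "iam_users": [
        {"UserName": "alice", "MfaEnabled": True, "AccessKeyAgeDays": 30},
        {"UserName": "svc-batch", "MfaEnabled": False, "AccessKeyAgeDays": 60},
    ],
    "s3_buckets": [
        {"Name": "audit-reports", "PublicAccessBlocked": True, "Encrypted": True},
        {"Name": "legacy-assets", "PublicAccessBlocked": False, "Encrypted": True},
    ],
    "security_groups": [
        {"GroupId": "sg-0001", "IngressCidr": ["10.0.0.0/8"], "Ports": [22]},
        {"GroupId": "sg-0002", "IngressCidr": ["0.0.0.0/0"], "Ports": [22]},
    ],
    "cloudtrail": [
        {"Name": "org-trail", "IsMultiRegionTrail": True, "LogFileValidationEnabled": True},
    ],
}

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]


@dataclass(frozen=True)
class Finding:
    check_id: str
    resource: str
    severity: str
    frameworks: tuple
    detail: str


@dataclass(frozen=True)
class Check:
    check_id: str
    severity: str
    frameworks: tuple
    run: Callable[[dict], list]  # returns [(resource, detail), ...]; empty list means the check passed


# Each check returns the offending resources; hypothetical IDs and framework mappings.
def iam_users_without_mfa(inv):
    return [(u["UserName"], "user has no MFA device") for u in inv["iam_users"] if not u["MfaEnabled"]]


def iam_stale_access_keys(inv, max_age_days=90):
    return [(u["UserName"], f"access key is {u['AccessKeyAgeDays']} days old")
            for u in inv["iam_users"] if u["AccessKeyAgeDays"] > max_age_days]


def s3_public_buckets(inv):
    return [(b["Name"], "public access block is disabled") for b in inv["s3_buckets"] if not b["PublicAccessBlocked"]]


def s3_unencrypted_buckets(inv):
    return [(b["Name"], "default encryption is not configured") for b in inv["s3_buckets"] if not b["Encrypted"]]


def sg_admin_ports_open_to_world(inv, admin_ports=(22, 3389)):
    return [(g["GroupId"], f"ports {sorted(set(g['Ports']) & set(admin_ports))} open to 0.0.0.0/0")
            for g in inv["security_groups"]
            if "0.0.0.0/0" in g["IngressCidr"] and set(g["Ports"]) & set(admin_ports)]


def cloudtrail_not_hardened(inv):
    if not inv["cloudtrail"]:
        return [("(account)", "no CloudTrail trail configured")]
    return [(t["Name"], "trail is not multi-region with log file validation")
            for t in inv["cloudtrail"] if not (t["IsMultiRegionTrail"] and t["LogFileValidationEnabled"])]


CHECKS = [
    Check("IAM-1", "HIGH", ("SOC 2", "NIST CSF", "PCI-DSS"), iam_users_without_mfa),
    Check("IAM-2", "MEDIUM", ("ISO 27001", "PCI-DSS"), iam_stale_access_keys),
    Check("S3-1", "CRITICAL", ("SOC 2", "ISO 27001", "NIST CSF", "PCI-DSS", "HIPAA"), s3_public_buckets),
    Check("S3-2", "HIGH", ("PCI-DSS", "HIPAA"), s3_unencrypted_buckets),
    Check("EC2-1", "HIGH", ("NIST CSF", "PCI-DSS"), sg_admin_ports_open_to_world),
    Check("CT-1", "MEDIUM", ("SOC 2",), cloudtrail_not_hardened),
]


def run_checks(inventory):
    """Run every check; return (findings, ids of checks that produced no findings)."""
    findings, passed = [], []
    for check in CHECKS:
        hits = check.run(inventory)
        if not hits:
            passed.append(check.check_id)
        for resource, detail in hits:
            findings.append(Finding(check.check_id, resource, check.severity, check.frameworks, detail))
    return findings, passed


def build_report(inventory):
    """Roll findings up into the JSON-serialisable report shape a dashboard would read."""
    findings, passed = run_checks(inventory)
    passed_set = set(passed)
    per_framework = {}
    for fw in sorted({f for c in CHECKS for f in c.frameworks}):
        applicable = [c.check_id for c in CHECKS if fw in c.frameworks]
        ok = sum(1 for cid in applicable if cid in passed_set)
        per_framework[fw] = {"score": round(100 * ok / len(applicable), 1), "passed": ok, "applicable": len(applicable)}
    by_severity = {sev: [asdict(f) for f in findings if f.severity == sev]
                   for sev in SEVERITY_ORDER if any(f.severity == sev for f in findings)}
    return {
        "overall_score": round(100 * len(passed) / len(CHECKS), 1),
        "checks_passed": sorted(passed),
        "findings_by_severity": by_severity,
        "frameworks": per_framework,
    }


def lambda_handler(event, context):
    # Hypothetical handler shape: a deployed version would collect INVENTORY via boto3
    # and put_object the JSON to an S3 bucket instead of returning it.
    return {"statusCode": 200, "body": json.dumps(build_report(INVENTORY))}


if __name__ == "__main__":
    print(json.dumps(build_report(INVENTORY), indent=2))
```

The design point worth noting: a framework score is computed from the checks tagged with that framework, so one misconfigured bucket (S3-1) lowers every framework it maps to at once, which is exactly the per-framework breakdown view the dashboard described above is meant to show.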
