Derive password string from random bytes

I have 32 bytes. I need to derive from them a password string (which will hopefully work on most websites), given certain restrictions.

• All characters must be in one of { A-Z, a-z, 0-9, !@#$% }.
• The string will have at least two characters from each of the above sets.
• The string must be exactly 15 characters long.

Currently I'm using the bytes to seed a non-cryptographically-secure PRNG, which I'm then using to:

1. get two random characters from each of the sets and push them.
2. fill the rest of the string with randomly chosen characters from any of the sets.
3. shuffle the string.

Is this valid, and is there a simpler way?