As a key member of our team, you will be responsible for working with a team of professionals focused on conducting end-to-end security risk assessments and driving security certifications such as ISO 27001, FedRAMP, etc. for in-scope services. This position requires the ability to navigate across the Enterprise with coordination at all levels, excellent oral and written communication skills, and the ability to formulate issues and recommendations clearly. This role, with a focus on Risk Management, is critical to informing leadership of the critical risks we face as a business and preparing teams for required external certification requirements.
Key Responsibilities and Accountabilities:
Drive risk assessments and compliance management efforts across engineering, manufacturing, sourcing, factories, third-party suppliers/vendors, and tools to identify operational security risks across the end-to-end supply chain of Microsoft products and services.
Lead the end-to-end security certification program to obtain compliance certifications such as ISO 27001, FedRAMP, and others as requested by our customers.
Develop and maintain Standard Operating Procedures based on Microsoft and industry best practice to operationalize compliance activities.
Interact with various levels of engineering, marketing, legal, finance, and management to ensure accurate information is gathered, analyzed, and reported to drive risk-based decision making and deployment of mitigation strategies.
Bridge the gap between identifying security and operational risks across WDG supply chains and deployment of scalable, secure, and resilient mitigation strategies.
Support enhancements to the existing Unified Control Framework (UCF) leveraging industry standards and Microsoft policies and procedures to improve the risk and compliance management program.
Sustain and improve the WDG risk and compliance management program for identifying, mitigating, and controlling risks across the engineering group to promote consistency, efficiency, and reliability.
Understand how to turn raw data into useful, actionable information and provide dashboards, reports, and communications effectively to multiple audiences at various levels across the organization using PowerBI or similar technology.
Drive a Risk Management “Rhythm of the Business” and increase Leadership Team and stakeholder awareness of security risks to enable mitigation decisions on supply chain security and reliability.
Qualifications
Required Qualifications:
7 years’ technical program and/or project management experience.
BS/BA in Computer Science, Information Systems, Engineering, Business or related field with the equivalent experience.
Strong interpersonal and written communication skills.
Knowledge of and experience in risk management, security, and/or supply chain compliance; fundamentals to include concepts, standards, and control frameworks.
Experience using Microsoft Office suite (Word, PowerPoint, Excel, SharePoint, etc.)
Preferred Qualifications:
Strong understanding of security and supply chain concepts, standards, and control frameworks (e.g., NIST CSF, NIST 800-161, NIST 800-53, ISO 27001, ISO 27036).
Previous experience in risk management, internal audit, and/or compliance.
Demonstrated ability to own and drive programs and initiatives by working through ambiguity.
Capability to develop data models and the ability to create reports using PowerBI and/or SQL.
Experience with Azure DevOps/Visual Studio.
Experience with Online Services Support or Architecture, Software Engineering, and/or Supply Chain a strong plus.
Proven track record of delivering results on time, to budget and on spec.
Good track record of working collaboratively and effectively with senior leaders and teams across organizational boundaries.
Experience influencing others without authority.
Operational experience in online services and business-related background.
Strong consideration for candidates who are certified or qualified for certification: CISSP, CISA, PMP (PMI)
This position is based at Microsoft’s corporate headquarters in Redmond, Washington.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Job ID: 30349
