Are you an Information Security Program Manager or Risk Manager who has a passion for technology and protecting company assets? Are you looking for an opportunity to facilitate and drive initiatives that will have IT-wide and enterprise impacts? If so, please read on, as this may be the right role for you.
The Core Services Engineering Digital Security & Risk Engineering (DSRE) team is looking for a risk management professional to actively engage and lead enterprise wide information security projects that reduce Microsoft’s Top Information Security Risks. The role reports into DSRE’s Governance, Risk, Compliance, and Continuity (GRCC) team. GRCC’s mission is to ensure risk reduction and accountability of high risks while driving compliance with Microsoft’s Security Policy and applicable regulations enterprise wide.
As an Information Security Risk Manager, you will have an opportunity to drive projects that focus on reducing the enterprises most impactful information security needs. The candidate must have proven Project Management capabilities, IT acumen breadth, and strong information security knowledge. This candidate must have excellent written and verbal communication skills, strong attention to detail, and the ability to effectively communicate and present to senior executives.
Additionally, you must be able to work well under pressure while being both agile and flexible, and have the ability to easily navigate ambiguity and change. Key to being successful in this role is the ability to influence, collaborate, and empower individual’s enterprise wide to focus on risk reduction and the protection of Microsoft’s information assets.
Core responsibilities will include:
•Partnering with teams to identify risk patterns across the enterprise in a data driven way to enable identification and reduction of the enterprises most impactful information security needs
•Facilitating the development of remediation/mitigation plans by partnering with key stakeholders
•Preparing content to senior leadership to make risk based decisions on the remediation of risks
•Driving timelines and execution of remediation plans Measuring, proactively reporting, and tracking status of remediation plans
•A BS/BA in Information Systems, Business or related field or the equivalent experience
•5+ years experience in Information Security or related fields
•5+ years experience in project management
•3+ years experience working with risk management frameworks, 5+ years a plus
•Excellent verbal and written communication skills to a diverse audience
•Strong cross group collaboration and team player
•Ability to deal with ambiguity and complex problems
•Excellent interpersonal communication, executive presence, and presentation skills
•Experience driving business transformations and process improvement expertise
•Proven business and IT acumen
•Proven track-record influencing without authority, resolving conflict, and measuring results
•CRISC, CISM, or CISSP certification preferred
•PMP certification preferred
•Management or consulting experience in establishing or managing 3rd party risk management programs a plus
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to firstname.lastname@example.org.
A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.