Risk Manager
Redmond , Washington
October 23, 2017
Are you interested in being part of an environment and culture that ensures the right tone-at-the top? Are you looking for an opportunity to facilitate and drive information security requirements into everything Microsoft does? If so, please read on, as this may be the right role for you. Microsoft Core Services and Engineering (CSE) is for those professionals and business technology professionals who want to be strategic partners to the business and be the first place to create innovative solutions using all of Microsoft’s products and services.
Microsoft Core Services and Engineering provides career growth opportunities, a rewarding and flexible work environment so you can better integrate professional and personal life. Inspiring what’s next, Microsoft Core Services and Engineering employees make global impact on thousands of customers and thousands of employees who use Microsoft software and services. We provide Digital Security and Risk Engineering. And we’re kind of a big deal.

CSE’s Digital Security Risk Engineering (DSRE) team is looking for a policy management professional to actively engage and lead the policy and standards management program for DSRE. The role reports into DSRE’s Governance, Risk, Compliance, and Continuity (GRCC) team. GRCC’s mission is to ensure risk reduction and accountability of high risks while driving compliance with Microsoft’s Security Policy and applicable regulations enterprise wide. In this role you will have an opportunity to drive a program that focuses on embedding CSE’s information security requirements into everything we do and facilitates and supports Standards management for other CSE areas such as but not limited to privacy, business continuity, and IT compliance.
The candidate must have proven Policy Management capabilities and strong information security knowledge. This candidate must have excellent written and verbal communication skills, strong attention to detail, and the ability to effectively communicate and present to senior executives. Additionally, you must be able to work well under pressure while being both agile and flexible, and have the ability to easily navigate ambiguity and change. Key to being successful in this role is the ability to influence, collaborate, and empower individuals.

Core responsibilities will include:
•Lead the Standards Management program including:
(i)setting the Standards management annual program vision and direction;
(ii)managing the processes to identify new / changes to information security requirements;
(iii)documenting, publishing & communicating standard changes to relevant stakeholders;
(iv)enabling upstream controls,
(v)enabling standards health measurement, and
(vi)facilitating training needs due to risk, compliance and Standards health
•Lead an FTE and from time to time vendors/suppliers in driving the Standards Management program
•Meet and coordinate with stakeholders to understand updates needed to Standards and Standard management repositories, communication, and governance capabilities, and execute on those needs Be first line of defense in assisting the team remove road blocks
•Mentor team members in Standards Management better practices, and other topics as needed
•Drive Standards and Control Procedures management including but not limited to day-to-day governance processes for content and program health (e.g., provide routine status on content and program health)
•Facilitate content and tool updates and updates to supporting processes
•Ensure updated Standard Management program documentation (e.g., SOP, stakeholder material, tracking documents, vision documents)
•Drive and support other key risk management projects (e.g., data driven risk modeling), as necessary

Those that do not have the below required qualifications need not apply.
•3+ years experience consulting or running a policy management program,
•5+ years a plus
•5+ years experience in Information Security or related fields
•5+ years experience in project management
•3+ years experience working with risk and compliance management frameworks
•A BS/BA in Information Systems, Business or related field or 7+ years equivalent experience
•GRCP, CRISC, CISM, CISSP, and PMP certifications

•Excellent skills in setting a policy management programs vision and direction and executing towards that vision and direction.
•Greater focus will be placed on candidates with this experience in the Information Security domain
•Experience managing a policy management program including
(i)documenting and publishing information security policy requirements;
(ii)creating communication and training plans and curriculums based on policy changes and health
•Excellent verbal and written communication skills to a diverse audience
•Strong cross group collaboration and team player
•Ability to deal with ambiguity and complex problems
•Excellent interpersonal communication, executive presence, and presentation skills
•Experience driving business transformations and process improvement expertise
•Proven business and IT acumen
•Proven track-record influencing without authority, resolving conflict, and driving results
•Demonstrated experience with controls based information security frameworks (e.g., ISO 27001, NIST CSF, NIST 800-53, COBIT)
•Leading a policy management program for information security
•Experience creating training and communications plans and matrices
•Experience with Archer or similar GRC platform
•Demonstrated experience with controls based information security frameworks (e.g., ISO 27001, NIST CSF, NIST 800-53, COBIT) and/or Enterprise Risk Management frameworks (e.g., COSO ERM, ISO 31000) Microsoft is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to askstaff@microsoft.com.

A little about us:
Microsoft offers training and employment opportunities to help you turn your military experience and skills into a civilian technology career.

Know someone who would be interested in this job? Share it with your network.