Sr. Program Manager-IT Federal Compliance

Last updated 8 days ago
Location: Redmond, Washington; Reston, Virginia
Job Type: Full Time

Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

This position leads the IT & Security Federal Compliance Program and oversees the execution and monitoring of Microsoft’s Federal IT & Security compliance program. The position leads the ongoing enhancement, engineering, management and operation of Microsoft’s IT & Security Federal Compliance Program using methods consistent with Department of Defense Programs, Instructions, and Manuals, National Institute of Standards and Technology guidelines, Microsoft’s internal policies, industry standards, and best practices. The goal of this program is to ensure a state of IT and security compliance. With Microsoft’s substantial current and continued growth in the federal business, this is an exciting role and team that will continue to grow and expand in responsibility. This is your opportunity to get in while the team is growing and drive and influence the future.

This is an individual contributor engineering PM role part of Microsoft’s Digital Security Risk Engineering’s (DSRE’s) Governance, Risk, Continuity and Compliance (GRCC) team. GRCC’s mission is to ensure risk reduction and accountability of high risks while driving compliance with Microsoft’s Security Policy and applicable regulations enterprise wide. The role will require an experienced individual to play a lead security & IT compliance role in our Federal environment as it continues to grow.

The ideal candidate will have a successful track record of managing and implementing IT and security federal compliance programs, leading the management, training and development of stakeholders and teams in federal programs of large enterprises or with government organizations, and measuring the effectiveness of the overall program. You should be a subject matter specialist in IT and security federal compliance requirements, Sarbanes-Oxley compliance, and have experience in setting and successfully executing against federal IT and security compliance obligations. Knowing how to influence others without authority, including leadership, is a skill that is critical to the success of this role. You should have a track-record and comfort working with a diverse set of individuals such as engineers, program managers, compliance and risk managers and using data to influence leadership in written and verbal communications.


Responsibilities will include:

  • Lead the IT & Security Federal Compliance Program, including but not limited to the identification, management, monitoring, operation, ongoing enhancement, and engineering of compliance requirements, so that engineers can adhere to controlled unclassified information (CUI) and federal contract information (FCI) obligations, with a particular focus on the Defense Federal Acquisition Regulation Supplement (DFARS), the Cybersecurity Maturity Model Certification (CMMC) and Sarbanes-Oxley IT compliance (SOX).
  • Provide stakeholders with day-to-day federal IT and cybersecurity compliance and SOX thought leadership, oversight of engineering technical reviews, and review of control system artifacts, to ensure that cybersecurity and SOX requirements are incorporated early, that their implementation matures across the acquisition life cycle, and that controls automation advances.
  • Set and maintain IT and security federal requirements, milestones, and training and awareness needs; lead IT compliance change management initiatives so that change sticks with engineers for existing applications and infrastructure as well as future needs.
  • Facilitate and support the implementation of information security measures and procedures, including incident reporting through the appropriate reporting chains and coordination of system-level responses to unauthorized disclosures, in accordance with DoD Manual 5200.01, Volume 4, DoD Information Security Program: Controlled Unclassified Information (CUI).
  • Lead or support gap assessments, cybersecurity inspections, tests, control reviews and coordinate mitigation with affected parties.
  • Drive project and program direction, measure and demonstrate program effectiveness, represent the program, and present results and risks to senior leadership in order to influence decisions.
  • Inspire the team and foster a workgroup environment of collaboration, excellence and efficiency.


Required Qualifications:

  • 5+ years’ experience driving large, complex security and IT or engineering compliance programs for a federal program or federal entity with a particular focus and subject matter expertise around Defense Federal Acquisition Regulation Supplement (DFARS), Cybersecurity Maturity Model Certification (CMMC) and/or Sarbanes-Oxley IT compliance.
  • 3+ years’ experience with Azure or similar cloud-based services for enterprise or federal stakeholders / entities.
  • 3+ years’ experience influencing middle management and senior leadership through delivering excellent verbal and written communications.
  • The successful candidate must be a U.S. Citizen.

    Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
  • 3+ years’ experience as a strong cross group collaborator and team player, dealing with ambiguity and complex problems, and resolving conflict.

Preferred Qualifications:

  • 5+ years’ experience with Department of Defense 8500.01: Cybersecurity; DoD Instruction 8510.01 Risk Management Framework for DoD Information Technology; DoD 8582.01: Security of non-DoD Information Systems Processing Unclassified Nonpublic DoD Information; and the Cybersecurity Maturity Model Certification process.
  • 5+ years’ experience working with and applying internal control, general computer control and risk management-based frameworks (e.g., COBIT, ISO 27001, NIST Special Publications 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems; 800-53: Security and Privacy Controls for Federal Information Systems and Organizations; 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations).
  • 5+ years’ process and program improvement experience including measurement of value and benefits achieved.
  • Relevant certification(s) (e.g., CRISC, CISM, CISSP, CAP, Sec+, CASP).
  • Experience with Archer or similar governance, risk, and compliance platform/tools.
  • An active security clearance.

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.