|Job Type:||Full Time|
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
Do you have a passion for cybersecurity and compliance? Like working across a complex organization while influencing different teams? Enjoy solving complex problems and difficult challenges? Are you an excellent communicator who loves to write for, and present to senior leaders? Are you good at clarifying complex ideas? Microsoft is looking for an experienced security leader to be the Director of our Federal Governance, Risk, Continuity, and Compliance (GRCC) Team. This role includes managing the team that is responsible for the execution of GRCC services for federal environments at Microsoft.
The Federal Audit and PMO Director will be responsible for overseeing and coordinating the Governance, Risk, Continuity, and Compliance (GRCC) processes, which involve socializing GRCC across Core Services Engineering to promote awareness and effective management of business, technology, and information risks, issues, and opportunities. As the Director of Federal efforts, you will be responsible for crafting and driving execution against the strategic direction for the program, and providing advice and guidance to the senior leaders to enable the business to meet regulatory requirements. You will act as a leader working across the organization and with enterprise risk groups to develop and implement risk management solutions to ensure continued stability and success. You will be expected to drive organizational change to better manage risk in an open, collaborative environment where new ideas and solutions are welcomed. In this role, you will apply your strategic leadership, proactive thinking, problem solving, collaboration and communication skills and the ability to adapt to change quickly.
The ideal candidate has excellent organizational, and communication skills and in-depth experience working with federal cybersecurity and privacy regulations (e.g. CMMC, DFARS, DoD SRG, FedRAMP, NIST 800-53 Appendix J, etc.). Qualified candidates will have experience dealing with auditors, preferably in the federal services industry. Candidates should also have experience interacting with and influencing senior executives. The role demands a focused individual who thrives in a fast-paced, dynamic, and collaborative team environment. Candidates must also display strong judgment, leadership, and integrity.
Candidate must be able to travel nationally, as required.
Responsibilities will include:
Oversee the Federal Audit and PMO:
- Understand and integrate with all the federal compliance programs at Microsoft.
- Drive the federal GRCC program strategy across impacted teams.
- Stay current on the changing regulatory environment and understand the impacts to the organization.
- Create and manage audit plans including activities (plans to assess control compliance), timelines, and dependencies.
- Coordinate and manage internal and external audits/certifications.
- Maintain program reporting and dashboards (status, milestones, etc.)
Drive cross-organizational collaboration:
- Coordinate with various federal teams within GRCC and work with Engineering Groups, Legal, Technical Operations, and Cybersecurity teams to collect materials needed to meet the audit requirements.
- Interact directly with executives, senior leaders, and cross-functional teams to explain audit requirements.
- Partner, interact, and support internal delivery teams and provide guidance on policies, standards, and procedures.
- Support program management activities across the different federal programs at Microsoft.
Represent Microsoft with Customer and Auditors
- Ensure audits are appropriately planned and coordinated.
- Work with the team to prepare documentation for audits.
- Lead discussions and respond to auditor and customer inquiries.
- Ensure all audit and customer follow ups are addressed and completed.
Improve processes and procedures:
- Analyze information to proactively identify risks, trends, and process improvements, support reporting on risk topics to management.
- Continuously seek out and implement process improvements designed to simplify and improve the efficiency, agility, effectiveness, transparency, and relevance of the program.
- Enhance the risk strategy to minimize the overall impact to the enterprise.
- Perform review of control design for gaps and weaknesses and drive control improvement.
- Proficient and structured problem solving and effectively leading others in root cause corrective action analysis.
People Management and Talent Development:
- Help build and manage a team of high performing individual contributors to help with their on-going development.
- Provide real-time team feedback and coaching.
- Participate in Manager meetings and offer insights into how ISRM management can improve.
- Complete all HR people manager requirements.
- BS/BA in Cybersecurity, computer science, risk management, auditing, or related field or equivalent experience.
- 10+ years in a Program Management, Cybersecurity Risk Management, Compliance, or related role.
- Experience driving major audits or working with auditors (particularly government audits).
The successful candidate must be a U.S. Citizen.
Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
Proven ability to drive large scale complex programs with high collaboration and leadership.
- Outstanding communication skills with the ability to clearly articulate complex issues.
- High-level of executive maturity and experience working with leadership.
Candidate must be able to travel nationally, as required.
- Ability to deal with ambiguity and agility to learn new skill sets while delivering.
- Deep knowledge and understanding about industry compliance and security standards including one or more of the following: CMMC, DFARS, DoD SRG, FedRAMP, NIST 800-53 Appendix J.
- Information Security & Compliance certifications (CISSP, CISA, CISM, etc.).
- Direct experience working with cloud platforms and solutions.
- Diverse knowledge of control methods, techniques, and standards.
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.