Senior Risk Manager

Last updated 8 days ago
Location: Redmond, Washington
Job Type: Full Time

While you’ve heard about Microsoft’s Digital Transformation and how it’s leading our industry to the cloud, have you ever thought about becoming a key member of the team that powers this strategic effort in our company?

Core Functions Engineering (CFE) is part of Core Services Engineering responsible for building and managing the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates.

We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!

Microsoft’s Corporate Functions Engineering (CFE) team is looking for an experienced and motivated individual to help drive the continued evolution of the CFE Regulatory Compliance program. The CFE Regulatory Compliance team facilitates adherence to internal and external regulatory requirements and standards that apply to CFE through control automation, control monitoring, and embedding requirements into modern engineering practices. The team works with thousands of CFE engineers, auditors, and leaders, helping them meet IT regulatory requirements. The position is part of a team that drives and monitors controls and compliance across a large and complex IT and business environment, with a focus on managing and reducing enterprise risk.

The ideal candidate will have a successful track record of managing and implementing global IT controls and compliance programs, overseeing the management, training, and development of IT controls and compliance for business teams in large enterprises, and measuring the effectiveness of the overall program. You should have experience setting and successfully executing a big-picture compliance strategy. The successful candidate will understand the current strategy, but will also be able to envisage where we need to go to support an ever-changing company and risk environment. You should have many years of experience running and executing (i) IT regulatory compliance programs and (ii) IT general computer controls. You will have experience as an ambassador for a program: knowing how to communicate clearly and succinctly and to influence others without authority is a critical skill. You will have experience navigating ambiguity and change with ease and quickly growing a network. You should have experience working with a diverse set of individuals, such as engineers, program managers, compliance and risk managers, and senior leaders, and have a good understanding of current technology.


Responsibilities will include:

  • Driving CFE organizations’ awareness of, and day-to-day adherence to, IT regulatory compliance requirements (e.g., ITGC SOX, CMMC, DFARS).
  • Providing IT regulatory compliance expertise, thought leadership, and training.
  • Leading the design and improvement of innovative, industry-wide IT compliance and controls automation strategies and solutions, and working with engineers to ensure they are built as designed.
  • Implementing CFE Regulatory Compliance team strategic initiatives.
  • Partnering with engineering teams daily to reduce and mitigate risks.
  • Leading IT compliance related change management initiatives within the team and across the organization, and handling complex issues with internal and external auditors.
  • Defining and enhancing program metrics; measuring and demonstrating program effectiveness; representing the program; and presenting results and risks to, and influencing, senior leadership.
  • Contributing to an environment that fosters innovation and enables continuous improvement of the CFE Regulatory Compliance Program.


Required Qualifications:

  • 8+ years of experience driving large, complex IT controls / IT regulatory compliance programs (e.g., SOX, IT general computer controls), with a proven track record of delivering results on time and to budget.
  • 8+ years of experience as a Sarbanes-Oxley IT general computer controls subject matter expert, and experience with industry security standard frameworks (e.g., COBIT, ITIL, ISO 27001, NIST).
  • 5+ years of process and program improvement experience, including measurement of the value and benefits achieved.
  • 1+ years of experience working with or in an engineering and/or IT environment.

Preferred Qualifications:

  • Process improvement, project management, ISO, Six Sigma, or other relevant certification(s) (e.g., CRISC, CISA, CISM, CIA).
  • 5+ years of experience working with and applying internal control, IT general computer control, and risk management frameworks (e.g., COBIT, ISO 27001, NIST CSF, COSO ERM, ISO 31000).
  • 3+ years of experience implementing and measuring change, and expertise in change management principles.
  • Experience with Azure or similar cloud-based services for enterprise customers.
  • Proven experience delivering excellent verbal and written communications to middle management and senior leadership.
  • Proven experience as a strong cross-group collaborator and team player: dealing with ambiguity and complex problems, resolving conflict, and influencing senior executives.
  • Proven business and IT acumen.



Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.