Business Program Manager ( Risk Management and Compliance )

Microsoft

Redmond, WA

Industry: Software


Less than 5 years

Posted 398 days ago

Each day our world creates new technology. New devices, new apps, new services. Which means new ways to do things, new ways to connect, new things to learn. And while each holds the promise of helping us get more done, with less effort, too often they simply become one more thing competing for our scarce time and attention. That’s why we need to rethink the way we make technology, and not simply make more. That’s why we need to reinvent productivity. Microsoft is helping people achieve more by giving them the best possible tools for any moment.  

So how does Core Services Engineering help Business Program Managers? Core Services Engineering (CSE) has two roles at Microsoft. First is the traditional enterprise CSE role. We keep everything running smoothly, and ensure employees have a great experience as they collaborate with colleagues, customers and partners in over 100 countries. Second, we’re the company’s first commercial customer to deploy Microsoft software, services and hardware at scale.

We innovate using cloud, BI and Big Data, mobile, social and security software and services, deploy and manage it, then provide feedback and advocate for our customers with the Microsoft product engineering teams. In the end, we showcase our work to the industry. Core Services Engineering provides career growth opportunities and a rewarding, flexible work environment so you can better integrate your professional and personal life.

Core Services Engineering employees make a global impact on hundreds of thousands of customers and employees who use Microsoft software and services. Are you a Program Manager who is passionate about managing risk and safeguarding company assets? If yes, then this is the role for you!

Microsoft’s Digital Security and Risk Engineering (DSRE) team is looking for a motivated individual to track remediation activities and monitor compliance enterprise-wide, across critical application and infrastructure systems.

• The ideal candidate should have strong project management capabilities and experience with Digital Security and Regulatory Compliance programs.

• This candidate must have excellent written and verbal communication skills and a passion for quality.  

• The key to being successful in this role is understanding when a critical problem arises and then demonstrating a structured and systematic approach to investigating and solving it.  

• Additionally, this candidate should be able to work collaboratively with technical Security Engineers to understand security issues and assist in driving risk mitigation or remediation with the client.

• This person will also be a key contributor to further enhance DSRE’s Compliance services and continual risk mitigation of Microsoft information assets.    

This role requires the ability to:    

• Drive timely response to security, regulatory and privacy findings across Core Services Engineering and the enterprise.  

• Triage and facilitate remediation plans and exception requests through the Risk Treatment process to ensure completeness, accuracy, and data quality to help management make risk-informed decisions.  

• Monitor and drive the timely closure of remediation plans and exception requests.

• Facilitate discussions between Customers and Security Analysts to drive clarity on security issues and next steps.  

• Prepare exception requests for senior management review and approval.  

• Submit change requests and perform UAT testing for enhancements to the Core Services Engineering instance of RSA Archer (EGRC) to increase the efficiency and effectiveness of the Risk Treatment process.  

• Support and sustain the accuracy and integrity of the Risk Treatment data.

• Manage metrics and executive dashboards for recurring management meetings.    

• Communicate key performance indicators on progress status and compliance reporting.  

• Maintain and enhance customer training materials and communications.  

Requirements/Qualifications and Previous Work and Related Experience (including educational requirements):  

•   Sound problem solving and attention to detail.

•   Excellent verbal and written communication skills.  

•   Strong cross-group collaboration and team player.

•   Ability to deal with ambiguity and complex problems.  

•   A BS/BA in Information Systems, Business or related field or 4 years equivalent work experience.

•   3+ years project management, help desk, or administrative assistance experience.

•   Knowledge of industry security standard frameworks, such as CISM, CISA, ISO27001, NIST is a plus.  

•   Applied understanding of common application/infrastructure security and software development lifecycle is a plus.