OverviewImplementing Government Cyber Security policy & providing guidance (i.e. NIST, NISPOM, DAAPM, etc.). Partner with facility FSO/CSSO to set establish goals, gather performance metrics, document and streamline relevant processes and execute strategies that enable business. Engage with engineers, program managers to perform assessments of systems and networks within an environment, identify deviations with DoD/DISA defined acceptable configurations or local policy. Ensure Information System (IS) assessments are achieved through passive evaluations such as compliance audits and active evaluations. The ISSM will also be accountable to lead efforts to establish strict program control processes to ensure mitigation of risks.
ResponsibilitiesBusiness Program Evaluation and Improvement- Oversees teams who collect and evaluate success criteria (e.g., ROI, SLAs, OKRs, KPIs) and performance metrics (e.g., acquisition, usage, impact, effectiveness, customer feedback), to use scorecards and dashboards to monitor programs and ensure all activities align with business and program objectives, and to report up to leadership and create leadership visibility. Ensures teams optimize data analytics (e.g., scenario analyses) to derive insights and training that help identify current and future program risks and mitigation plans and opportunities to streamline and optimize programs based on lessons learned that impact the broader unit and/or Microsoft, and plan to sunset programs that are no longer necessary or meeting objectives.
- Oversees teams who utilize direction and strategy from leadership advocate and influence sponsorship regarding business area of expertise in order to create and execute plans that shift current priorities to new organizational initiatives and objectives, and influences others to change behavior accordingly. Provides strategic guidance to help teams define vision and strategy for change, broad and specific impact, and the flow of communication and interaction with the organization to drive change management processes. Acts as a subject matter expert when helping teams ensure buy in and adoption of the new program or change by others in the organization using change management methodologies and techniques. Ensures teams develop the collateral required to enable key stakeholders and others to be onboard. Oversees teams who drive the identification of training and reskilling needs, and mapping of individuals in partnership with Human Resources (HR). Oversees teams on driving partnership with business process outsourcing (BPO) vendors to ensure that their contractors have the proper skills and capabilities Microsoft requires.
- Oversees teams who conduct cost-benefit analyses to examine performance to value drivers (e.g., profit and loss [P&L], return on investment [ROI]). Helps teams drive monthly business review (MBR) and helps teams run rhythms regularly to identify what is working and what is not and make improvements accordingly.
Business Program Excellence and Execution- Translates the strategy into team priorities when overseeing teams who evangelize the program to stakeholders, partners, and customers to gain buy in. Provides expert guidance to help teams leverage data and performance metrics (e.g., OKRs and KPIs) to demonstrate the value of the program and show business impact through storytelling and using scorecards and realtime dashboards. Ensures teams adapt communication style and storytelling strategy according to audience and business needs.
- Translates the organizational vision and direction into team priorities when overseeing teams who define and execute on a landing and communication plan (e.g., target audience(s), communication strategy) informed by Microsoft's security principles, and gets feedback from teams if communication has landed. Drives teams to maintain the rhythm of business (ROB) during plan execution to ensure participants and stakeholders are communicating and responding according to the necessary cadence. Oversees teams who work across teams (e.g., Landing, Design, Engineering, Supply Chain, Finance, Technical Program Management) to ensure all program requirements are understood and can be met.
Business Program Management- Oversees teams who overlook a portfolio of projects including the project plan, documentation of roles and responsibilities (e.g., responsible, accountable, consulted, informed [RACI] framework), timelines, milestones, financial management, performance metrics, and resource needs for programs. Ensures capacity of the team is aligned to project workload and complexity. Ensures teams communicate the program status to relevant stakeholders and holds them accountable for following the established schedule, risk mitigation plans, and processes. Establishes objectives and success criteria for the project in an inclusive collaborative manner with all stakeholders.
- Oversees teams who act as system architects to understand how systems work and impact one another using process flow mapping tools. Shares industry expertise to help teams work with other teams (e.g., Supply Chain, Engineering, Sales) and senior stakeholders to ensure program processes are rigorous, informed by security principles and executed efficiently. Ensures teams develop processes around scope and scheduled changes for programs, and provides strategic guidance and collaboration on how to communicate it to stakeholders. Ensures teams recognize process gaps/inefficiencies and drives strategies for optimization.
Business Program Planning and Design- Oversees teams who work with cross-functional (e.g., organizational, product, business) stakeholders (e.g., Engineering) to design security-, privacy-, and other regulatorily-compliant programs from initiation to delivery. Scales the delivery of collateral (e.g., proposals, strategy walking deck, internal and external pitch content) to incorporate stakeholder needs and ensure the business objectives are met. Simplifies complex inputs into program design.
- Applies subject matter expertise when overseeing teams who define and track the success criteria (e.g., return on investment [ROI], service level agreements [SLAs], objectives and key results [OKRs] and key performance indicators [KPIs]) and performance metrics (e.g., quality, adoption, usage, impact, effectiveness) for the program, and identify which data will result in data-driven decision making.
- Oversees teams who identify and scope opportunities to develop new programs and improve current ones impacting the broader unit and/or Microsoft. Acts as an industry subject matter expert to help teams identify and resolve root problems (e.g., root-cause analysis), define the program strategy, establish and maintain alignment with stakeholders/leaders, gather program requirements, identify resource needs, create the project plan and targets, and work across teams to align on the plan of record. Drives teams to improve operations of existing programs by identifying appropriate methodologies and best practices, defining and diagnosing program issues, assessing various scenarios, and selecting the optimal scenario to resolve issues. Contributes to or sets strategy to drive clarity in complex program issues and strive for simplification. Holds team accountable for driving the incorporation of security principles into all planning processes.
- Oversees teams who perform program landscape research and analysis (e.g., internal and/or external market, sales, delivery), forecasting, and examine business insights and trends (e.g., customer feedback and expectations) to identify stakeholders and program scope, stay current, agile, and competitive, drive clarity, and deliver energy and results of outcomes impacting the broader unit and/or Microsoft. Oversees teams solving complex problems and synthesizing across organizational boundaries. Provides strategic direction to help teams demonstrate thought leadership when contributing to overall business goals, objectives, and strategies, as well as short- and long-term business priorities (e.g., artificial intelligence [AI], security, efficiency, quality). Ensures teams understand and identify current program risks, impact, and develops mitigation plans impacting the broader unit and/or Microsoft.
People Management- Managers deliver success through empowerment and accountability by modeling, coaching, and caring. Model: Live our culture. Embody our values. Practice our leadership principles. Coach: Define team objectives and outcomes. Enable success across boundaries. Help the team adapt and learn. Care: Attract and retain great people. Know each individual's capabilities and aspirations. Invest in the growth of others.
Security Program Governance and ComplianceProgram control processes or content for assessment artifacts in scope will include:
- Manage COMSEC accounts, equipment lifecycle and COMSEC custodians
- Manage a small team of ISSM/ISSO/COMSEC custodians.
- Process and maintain system security plans (SSP)
- Maintain knowledge in system controls for system accreditations
- Collaborate with FSOs, CSSOs, and C-PSOs as a part of secure workspace management
- Understand engineering requirements to apply controls in compliance of the NIST of the Risk Management Framework (RMF).
- Coordination with engineering leadership to enable delivery of Microsoft products & services and provide effective incident response.
- Execution of investigations to meet Federal requirements.
- Develop, create, implement, and support physical and operations security (OpSec) policies, plans, processes and training material that position the FSO and offices to operate in a manner that is compliant with relevant U.S. Government (and/or other unique environment) security standards and requirements for the physical design, construction, and operation of highly confidential and regulated projects.
- Document and improve processes around confidentiality, security, and compliance to ensure the work that is being done is conducted per Government standards.
QualificationsRequired/minimum qualifications- Bachelor's Degree in Business, Operations, Finance, or related field AND 8+ years experience in program management, process management, or process improvement
- OR equivalent experience.
- 6+ years management (e.g., people, project, process, vendor, change) experience.
Other RequirementsSecurity Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings:
- The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation(SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements are required pre-offer and post-hire for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.
Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Citizenship & Citizenship Verification: This position requires verification of U.S citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a
valid passport, or other approved documents, or verified US government clearance.
Preferred qualifications- Master's Degree in Business, Operations, Finance, or related field AND 12+ years experience program management, process management, or process improvement OR Bachelor's Degree in Business, Operations, Finance, or related field AND 15+ years experience in program management , process management, or process improvement
- OR equivalent experience.
- 8+ years people management experience.
Business Program Management M6 - The typical base pay range for this role across the U.S. is USD $130,900 - $277,200 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $165,600 - $303,600 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position wi
