Risk Manager

Microsoft

Redmond, WA

Industry: Software


5 - 7 years

Posted 395 days ago

The Core Services Engineering Digital Security & Risk Engineering (DSRE) team is looking for a risk management professional to actively engage in and lead enterprise-wide information security projects that reduce Microsoft’s Top Information Security Risks. The role reports into DSRE’s Governance, Risk, Compliance, and Continuity (GRCC) team. GRCC’s mission is to ensure risk reduction and accountability for high risks while driving compliance with Microsoft’s Security Policy and applicable regulations enterprise-wide.

As an Information Security Risk Manager, you will have an opportunity to drive projects that focus on reducing the enterprise’s most impactful information security needs. The candidate must have proven project management capabilities, breadth of IT acumen, and strong information security knowledge. This candidate must have excellent written and verbal communication skills, strong attention to detail, and the ability to effectively communicate and present to senior executives.

Additionally, you must be able to work well under pressure while being both agile and flexible, and have the ability to easily navigate ambiguity and change. Key to being successful in this role is the ability to influence, collaborate with, and empower individuals enterprise-wide to focus on risk reduction and the protection of Microsoft’s information assets.


Core responsibilities will include:  

•Partnering with teams to identify risk patterns across the enterprise in a data-driven way to enable identification and reduction of the enterprise’s most impactful information security needs

•Facilitating the development of remediation/mitigation plans by partnering with key stakeholders    

•Preparing content for senior leadership to make risk-based decisions on the remediation of risks

•Driving timelines and execution of remediation plans

•Measuring, proactively reporting, and tracking status of remediation plans


•A BS/BA in Information Systems, Business or related field or the equivalent experience  

•5+ years' experience in Information Security or related fields

•5+ years' experience in project management

•3+ years' experience working with risk management frameworks, 5+ years a plus


•Excellent verbal and written communication skills to a diverse audience  

•Strong cross-group collaboration and team player

•Ability to deal with ambiguity and complex problems  

•Excellent interpersonal communication, executive presence, and presentation skills  

•Experience driving business transformations and process improvement expertise  

•Proven business and IT acumen  

•Proven track record of influencing without authority, resolving conflict, and measuring results

•CRISC, CISM, or CISSP certification preferred  

•PMP certification preferred  

•Management or consulting experience in establishing or managing third-party risk management programs a plus