Address
Form of work
SalarySuccessful business relationships are built on trust and shared values – this is an opportunity to join the team that programmatically helps Microsoft suppliers understand our values and data protection expectations. We hold suppliers to a set of privacy and security standards that consider cybersecurity risk, regulatory obligations and personal data rights, so that our customers can use our products and services with confidence.
This is an opportunity to bring your security thought leadership to interactions with suppliers and security colleagues so that you can integrate updated security controls into compliance processes to reduce risk to the company.
You will build out well-tested and piloted requirements before adding them to production and will then help suppliers meet these standards by providing practical guidance. To improve security practices across the supplier base you will develop or re-purpose training collateral to fit your security education strategy. You’ll engage with incident response colleagues to hear impacts firsthand and together outline mitigation strategies during incident retrospectives.
We are looking to hire a Security Policy Manager
to join our team.
This role is for a skilled communicator, you will hold discussions with supplier security leaders where you take a security position with confidence, explain it in clear terms, listen to all views and can frame your perpectives and recommendations.This is a security standards and compliance role, integral to an assurance program.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities
- As our security subject matter expert (SME), you will lead the team on security-related compliance escalations, working with Procurement colleagues, suppliers and business owners.
- Build relationships with security colleagues to continually learn about the threat landscape so that you can drive targeted changes to the set of security standards we manage. Recommend proactive supplier strategies to minimize events
- Establish a training strategy aimed at improving supplier awareness of threats and how to mitigate to protect their own companies and by extension, Microsoft.
- Help with the foundational work to build next generation compliance management processes using AI Technologies that secure automations to enable the program to broaden coverage.
- Stay informed about emerging cybersecurity regulations, Executive Orders, industry certifications and new security technologies bringing recommendations to the team early in response.
- Develop own our incident response playbook for privacy and engage with the Privacy incident response community as our point of contact (POC). Organize and lead our response v-team refining our approach as needed.
- Uphold program integrity and standards as a compliance manager, you’re comfortable consulting others to peer review your thinking making cohesive judgement calls that build a trusted supplier base.
Other
- Embody our culture and values
Qualifications
Required/Minimum Qualifications
- Bachelor's Degree in Science, Business, Engineering, or related field AND 6+ years experience in business, legal/regulatory, compliance, audit/consulting firm
- OR equivalent experience.
Preferred Qualifications
- 5+ year’s work experience in a security role or related background field required.
- Security Professional (CISSP) certification or relevant certification
- Ability to manage and influence difficult conversations with ease
- A background in a related field such as IT system
- Experience with administration, software development, large scale computing, incident management, security assessments or Security Policy development.
Compliance IC5 - The typical base pay range for this role across the U.S. is USD $112,200 - $194,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $142,200 - $213,200 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
