Security & Compliance Program Manager Microsoft
Redmond, WA

Microsoft is a technology company that develops and supports software, services, and devices.

Job Description

It is an exciting time to be with Microsoft 365! The M365 Trust team is looking for highly-driven PMs to deliver on compliance obligations - arguably the most crucial component of Microsoft's long-term success.


We are a high-performing group of self-motivated individuals. We each have specializations that make us critical to the team. We have clearly defined roles, and everyone is highly accountable for results in their area. We laugh at ourselves, and we have fun with each other, and every person sincerely respects everyone else on the team. We root for each other, we cover each other's backs, and we bounce ideas off each other. But above all else, we are 100% honest with ourselves and each other.


* 3+ years of Program Management experience with baseline management
* 3+ years of Program Management experience running a technical vulnerability remediation program (patching, web app vulns, network vulns, etc.)
* 3+ years in data analytics (advanced SQL skills a must)
* 1+ year creating Power BI reports
* Clear focus on pragmatic solutions to practical problems
* Demonstrated ability to use data to influence & drive decisions
* BS/MS in computer science or related field or equivalent work experience
* Stellar cross group collaboration (soft skills)
* Ability to communicate with external customers (i.e. those with a customer service background have excelled here in the past).
* Ability to work independently in highly ambiguous environments
* Previous experience with compliance certifications and audits would be helpful (ISO 27001, FISMA/FedRAMP, SOC, etc.)

Candidates must be able to meet security screening requirements for this role, which may include specialized agency background checks (national and local) and fingerprinting. All employees hired into roles supporting Cloud Offerings will also be required to pass Microsoft Cloud background checks prior to the start of employment and every two years thereafter. Ability to meet Microsoft, customer, and/or government security screening requirements is required for this role.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


You will be responsible for (re)architecting and overseeing Microsoft 365's compliance/configuration baseline program. This includes overseeing configuration baselines for USGCB, CIS, STIGs and others that apply to technologies like SQL, IIS, and Windows Server. Initially this role will focus on redefining the position of baseline management as it relates to audit standards and customer expectations. Longer term, you will build out and head a comprehensive baseline management program. This includes working with teams to come up with remediation plans, approving/denying exceptions and downgrades, and presenting output to auditors and customers. You will also opportunistically look for ways to take the output of the baseline program to benefit other related programs (for example, applying baseline data to risk downgrades in other areas).


We are looking for an optimistic and positive team member who focuses on what is possible and doesn't get stuck with what is wrong. We need someone who is pragmatic and who can accept (and is excited) that each day brings new challenges. Configuration baselines are a huge undertaking in a complex environment, so we also need someone who can prioritize and focus.

This position favors a data analyst with a technical security background. We're looking for someone who understands Group Policy, and is comfortable talking about Windows registry keys, but also someone who can think broadly about problems, put them into context, and assert the true risk associated with defined configurations. You should also have experience working with large SQL data sets and analyzing them with tools like Power BI.

Lastly, you should have experience (and enjoy) working directly with demanding external customers. While this is not a daily part of the role, our broad customer base may not always agree with our baseline positions (for example, different regions of the world have different, conflicting baseline requirements). You'll work directly with customers (mostly government agencies) to articulate our position on baselines, and to discuss concerns they may have regarding potential vulnerabilities as they relate to baseline configurations.

About Microsoft

10001 employees

1 microsoft way
