USNLX Ability Jobs

Microsoft Corporation Senior Risk Program Manager in Redmond, Washington

Overview

Microsoft’s Cloud business is experiencing explosive growth, and the Cloud Supply Chain (CSCP) organization is responsible for enabling the infrastructure underlying this growth. Our mission is to deliver the world’s computer with an industry-leading supply chain. CSCP is responsible for strategic sourcing, customer demand forecasting, capacity planning and management, supply chain planning and execution, capacity provisioning, and decommissioning and dispositioning of datacenter assets worldwide.

The Security, Risk & Compliance team is seeking a Senior Risk Program Manager with proven project management experience, organization and communication skills, attention to detail and the ability to foster cooperation and trust across varying groups and management levels. This position will identify, assess, action, monitor, and control risks, support projects, influence policies, and support the operational cadence of third-party supplier compliance and risk assessments. The Senior Risk Program Manager will have experience leading by influencing cross-functionally without direct authority. They will actively engage with business partners and suppliers to evaluate risks, provide subject matter expertise, and measure a supplier’s maturity and inherent risks. This role will focus on environmental and conflict minerals governance and risks.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

Responsibilities

Risk Assessment

  • Develops the process and methodology for the risk management lifecycle (e.g., data collection and data analytic methods). Reviews relevant internal and external information and/or reports (e.g., threat intelligence reports). Gathers and analyzes information from client team representatives and conducts interviews or focus groups with job incumbents within a business unit to identify risks, determine the degree of risks within the work environment, identify any relevant data sources, and gather additional relevant context independently. Independently analyzes the information to understand the risk associated with the job, project, or process and root causes of the risks.

  • Scores risks using appropriate risk profile scoring and leverages scores to determine risk prioritization. Contributes to development of risk scorecard(s) by assigning weighted scores to identified risks by leveraging risk management models and rating criteria.

Risk Governance

  • Manages relationship with stakeholders from a single line of business. Independently presents risk assessment information describing relevant behaviors, activities, or processes and the identified risks associated with them to ensure awareness and support. Explains risk related terms and concerns and connects them to appropriate business spaces. Collaborates with the stakeholders to determine an appropriate course of action.

  • Identifies ownership and determines accountability to stakeholders for top risks and top mitigating activities. Reports on the level of risks continuously and updates the accountability owners on the status. Ensures that the risks are being mitigated and any issues that arise are being addressed in a timely manner.

Risk Remediation

  • Drafts mitigation plans and processes (including appropriate risk registers and controls on risks) and helps accountability owners understand the plans to reduce risk. Ensures alignment and agreement with risk reduction plans and processes, and that accountability owners have the capacity to drive the mitigation plan independently. Holds accountability holders responsible for driving risk down. Coordinates across the different accountability owners to ensure teams are tracking and trending properly.

  • Reviews risk governance to ensure a particular risk area is receiving the appropriate amount of attention. Identifies any concerns related to risks being monitored and reviews any related output.

Data Analytics and Risk Insights

  • Senior Risk Program Manager contributes to the development of the risk assessment model. Obtains the appropriate datasets internally or externally to ingest into the risk assessment model. Determines what information is needed and how the information is applied in the model independently. Builds and sustains analytical models. Ensures appropriate data is available.

  • Identifies the correct methodology and framework for risk modeling independently. Leverages the appropriate datasets and up-to-date risk methodologies, determines critical information to include in the model(s), and makes in-depth recommendations to update the model as necessary.

  • Leverages pertinent information from risk assessment modeling output to gather risk insights on resource prioritization, root causes, risk identification, and top risk-related mitigation.

Issue and Exception Management

  • Assesses policy and procedure exception requests. Ensures understanding of the request rationale and presents any alternative options for compliance independently. Determines appropriate mitigation plans and timelines for exception expirations for projects.

Other

  • Embody our culture and values

Qualifications

Required Qualifications

  • 6+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance

  • OR Bachelor's Degree AND 4+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance

  • OR equivalent experience.

  • 3+ years’ experience with environmental, social, and governance (ESG) standards and guidelines

Other Requirements

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications

  • Bachelor's Degree in Risk Management, Engineering, Government Intelligence, Security, Cybersecurity, or Information Technology, or related field AND 8+ years experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance

  • OR Master's Degree in Risk Management, Engineering, Government Intelligence, Security, or Information Technology, or related field AND 6+ years experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance

  • OR equivalent experience.

  • Membership with a relevant risk domain area association including: International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCB), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Institute of Internal Auditors (IIA).

Risk Management IC4 - The typical base pay range for this role across the U.S. is USD $94,600 - $183,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $122,000 - $200,500 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until XXX, XX,XXX.

#cscpjobs

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).
