Microsoft Cloud Infrastructure and Operations is the engine that powers Microsoft's cloud services. The team is responsible for designing, building and operating our unified global datacenters; managing the demand planning and capacity utilization of our unified infrastructure; and handling all of the operations needed to run the physical infrastructure (including supply chain, hardware, power, security, and workflow teams). We focus on smart growth with an emphasis on automation, data-driven engineering, cost-effectiveness and environmental sustainability.
We deliver the core infrastructure and foundational technologies for Microsoft's over 200 online businesses including Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Microsoft Azure platform. Our infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers. Our portfolio is built and managed by a team of subject matter experts working 24x7x365 to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide.
We are looking for a passionate, high energy individual to help build the network that powers the world’s largest online services.
Are you looking for a challenge that puts you at the center of Microsoft's Devices and Services strategy? Are you passionate about solving the reliability, security, privacy and compliance challenges of Cloud Computing? The Online Services Security & Compliance (OSSC) team within GFS is in need of a well-organized compliance professional to help tackle these important challenges. OSSC is responsible for the security and compliance of Microsoft's Online Services and Cloud infrastructure and we are looking for a compliance program manager to join our team. This role would be responsible for helping shape the strategy by which GFS pursues and maintains certifications required by governments and the marketplace. You'll work with subject matter experts (SMEs) across the company including security and privacy champs to represent their security and compliance capabilities in order to enable customers and hosting partners to meet their compliance requirements. You will coordinate audits with internal and external auditors, review and assess service capabilities for gaps, and manage teams to achieve and sustain compliance with different standards/certifications. You will also have the opportunity to work with the business to focus the business value driven by the compliance program and interact with company-wide divisions.
This role requires an individual with proven security compliance, communication, and project management skills who can manage and enable the success of projects and drive a cross-discipline project to successful completion. The position requires a person who understands and works well with different groups and who can navigate and understand different perspectives and processes. You must be able to work in a fast-paced and agile environment. We are looking for someone who has the technical depth required to effectively communicate with SMEs from engineering, operations, support, and other disciplines.
Roles and responsibilities
As an information security compliance generalist, build a program around an assigned audit standard, including long-term strategy, milestones, partner/vendor/auditor management and final annual deliverables. PCI DSS, ISO 27001, SSAE/SOC 1 and 2 experience most valuable.
Provide internal teams with guidance, based on prior audit experience, on what to expect during a variety of key industry and regulatory audits, through all phases of the operational compliance program
Represent Microsoft's controls over regulatory requirements to external vendors, assessors, external customers and regulatory bodies
Select, manage and lead discussions with external regulators to ensure that compliance obligations are achievable in a fast-paced cloud computing environment
Select and manage key vendors to assist with the interpretation and preparation of audit activities.
Help identify and evolve audit strategy to ensure the compliance program keeps pace with GFS's rapid growth while reducing the impact on operational teams
Facilitate cross company collaboration in regulatory compliance by establishing partnerships with other Microsoft security teams with the overarching goal of improving trust of Microsoft and its products
Provide subject matter expertise to internal engineering groups (EG) and product teams with understanding of various compliance obligations, and working with them to develop roadmaps to achieve these compliance requirements
Influence and provide input into the development of industry security compliance standards as a Microsoft representative and subject matter expert when possible
Skills and qualifications
Strong project management skills for managing multiple concurrent deliverables/audits/certifications
Strong communication skills that can tailor content and concepts based on audience (internal stakeholders and with external customers).
Ability to translate taxonomy and apply relevant details to maximize understanding.
Ability to self-regulate through conflict management and negotiations to promote an inclusive environment and achieve the best results for all involved
The ability to work both independently and in a multi-disciplinary team environment
The ability to analyze ambiguous technical and customer situations and to determine appropriate solutions as necessary
CISA, CISSP, ISO 27001 or other compliance related certifications are a plus
A BS/BA in Information Systems, Business or related field or equivalent experience
A strong technical understanding and hands-on experience of Microsoft's GFS infrastructure is a plus.
Experience required
A minimum of 4 years of experience executing a security compliance program
A minimum of 3 years of direct experience with organizing and conducting information security audits.
Direct experience with security, compliance and regulatory frameworks, including PCI DSS, ISO 27001, SSAE/SOC 1 and 2, FedRAMP, Privacy, NIST certification and accreditation processes.
Direct experience interpreting industry and regulatory requirements and authoring supporting controls
A solid track record of achieving success through teamwork and collaboration, resolving conflict, and measuring results.
A career trajectory that shows consistent, excellent performance in challenging and evolving roles.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.