Qualifications: IaaS, Azure, Visual Studio, PaaS, DevOps, Bachelor’s degree
The Trust & Integrity Protection (TrIP) team is looking for a business-first, strategic-thinking Director, Security Assurance to identify, assess, and report on cyber risks and drive compliance. The team is on a mission to earn customer trust and reduce risk by relentlessly protecting data and operational integrity across Microsoft customer and partner solutions. This role is critical to leading and transforming our security program to keep up with the threat landscape and to partnering across the Microsoft enterprise in this critical area.
Microsoft Customer and Partner Solutions (MCAPS) is a team of 95,000+ people across the globe that empowers our commercial and public sector customers around the world through digital transformation, by providing technical and industry expertise, enabling our partner ecosystem, and delivering high-quality solutions and services.
The candidate is expected to have broad practical implementation knowledge of designing and running information security programs, building and scaling large security capabilities, and working across organizational boundaries and with executive leadership to shape the security strategy for a large multi-national division to ensure the division upholds our promises to customers in every interaction. Our group values strong cross-team communication & collaboration, the ability to network and integrate across the Microsoft ecosystem to inject value to the company at large and create meaningful lasting relationships with our business partners, stakeholders, and executive leaders.
Responsibilities
Define our divisional long-term security objectives and strategies informed by enterprise-wide goals but tailored for the unique dimensions of security risk that a global sales, consulting, and support division may face when working with MS customers; be able to translate those into practical execution and plans to deliver against them.
Evolve current and design new future-forward information security capabilities while leveraging enterprise-wide centers of excellence and teams to accelerate our outcomes.
Establish, implement, and monitor the cyber assurance program for assessing and managing cyber controls and the compliance framework to meet legal and regulatory requirements.
Building a team to deliver the next gen assurance capabilities with a vision to increase the depth and breadth of identifying risks with security, privacy, accessibility, and third-party capabilities.
Ability to drive comprehensive coverage of the entire ecosystem, inventory, and pipeline management to ensure the right assurance process is in place to build confidence.
Leading the proactive assessment with automation and optimizing the assessment process to be effective, to drive a compliance mindset, and to deliver the maturity roadmap.
Streamlining the issue management and remediation process to effectively minimize the risks for the business.
Drive accountability with the business functions by establishing the security posture and metrics to help prioritize and manage risks.
Coach and lead our teams and programs focused on security risk and compliance, applications/services assessments, threat intelligence, detection and alerting programs, and incident response processes.
Defining Objectives and Key Results (OKRs), strategic risk indicators, and metrics/scorecards to understand current health and drive insights into future focus areas for the team/division before issues occur/risks are realized.
Engage with enterprise customers, regulators, and other external entities during sales, deal negotiations, and other scenarios to articulate our security and trust story.
Qualifications
Required/Minimum Qualifications:
Bachelor’s Degree in Computer Science, Information Technology, Computer Security, or related field AND 8+ years of work experience in software assurance, software development, and/or technical risk consulting OR equivalent experience.
6+ years management (e.g., people, project, process, vendor, change) experience or experience leading a team of security professionals in a fast-paced, technical organization.
Experience in Security Assurance, Compliance, and Automation or related field.
Ability to collaborate with other professionals, remove barriers to progress, and lead change to accomplish complex technical objectives.
Direct experience with security testing capabilities, such as Application Static Analysis Testing, penetration testing, and threat modelling, with emphasis on Microsoft technologies.
Understanding of contemporary cloud computing models (IaaS, PaaS, SaaS) with emphasis on Microsoft technologies.
Location/Travel: You may be based anywhere in the United States; Remote Work. You can expect limited global travel, 0 – 25%, contingent upon Covid-19 restrictions.
Additional Preferred Qualifications:
Demonstrated ability to perform complex process reviews, interpret the results, and articulate the findings in a clear and concise manner.
Experience in software program management, Feature Program Manager, or equivalent.
Working knowledge of and with: Security Development Lifecycle (SDL) and Software Development Life Cycle (SDLC), their stage gates and requirements; ADO (Azure DevOps), VSO (Visual Studio Online) or other code management, release management, config tools; vulnerability categorization methodologies, such as MITRE CVE, OWASP Top Ten or similar.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
The salary for this role in the state of Colorado is between $144,600 and $216,600. At Microsoft, certain roles are eligible for additional rewards, including annual bonus and stock. These awards are allocated based on individual performance. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee’s role.
Benefits/perks listed here may vary depending on the nature of your employment with Microsoft and the country where you work. US-based employees gain access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and fitness benefits, among others.