Director for Enterprise Security Governance, GRCC
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire and grow within our organization and we encourage you to apply to learn more!
Do you have a passion for supply chain risk management and cybersecurity? Like working across a complex organization while influencing different teams? Enjoy solving complex problems and difficult challenges? Are you an excellent communicator who loves to write for, and present to, senior leaders? Are you good at clarifying complex ideas? Microsoft is looking for an experienced security leader to be the Director of our Enterprise Security Governance (ESG) Team. This role includes managing the team that is the Program Management Office (PMO) for our Information Risk Management Council (IRMC) and our new and growing team running Supplier Security Governance for Microsoft.
In the supplier security space, this role includes identifying the top risks and gaps across the company, working with the various teams and our Information Risk Management Council (IRMC) to agree on priorities to address the risks, and determining the best way to consistently measure and improve our capabilities in this space.
In the program management/governance space, this role includes understanding our enterprise security scorecard and helping to deliver insights from the metrics, developing new metrics, and providing actionable guidance; running the IRMC meetings; and working with the IRMC to identify our top security risks and then determining how we will address them. This leader will work directly with our Chief Information Security Officer to oversee the preparation of reports and presentations for our Executives and our Board of Directors. Additionally, this Director will manage the newly formed Supplier Security Governance team to help bring together various programs and drive consistent risk reduction in this area. This role requires working across all organizations at the Company and understanding their security posture. This position requires extensive cross-group coordination at all levels, excellent oral and written communication skills, exceptional organizational and process skills, and the ability to formulate issues and recommend clear solutions.
The ESG Director role is critical to ensuring that the security teams across the Company are aligned and driving toward consistent solutions. An experienced and motivated Security leader with risk management experience is needed to lead the team. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross-discipline projects.
Responsibilities
Responsibilities will include:
Oversee the Enterprise Security Governance team:
- Enable the IRMC to drive toward outcomes and decisions through effective and relevant meetings.
- Provide a perspective on how we can continuously improve our meetings and work with the Council.
- Ensure relevant content and facilitate IRMC meetings, including Monthly Meetings with both the Core Council, the security executives and executive sponsor, extended team meetings, and regular meetings with the CEO and senior leadership team (SLT).
- Drive all meetings except for the SLT meeting – support the CISO in these meetings.
- Ensure meetings focus on timely, engaging, and relevant topics, and drive toward outcomes, decisions, and business value that helps us to reduce our top security risks.
- Drive timely closure of action items.
- Prepare and deliver updates to the IRMC and leadership on the program status and supplier risk.
Drive cross-organizational collaboration through IRMC and lead the Supplier Security Governance work:
- Drive clear project baselines, roadmaps and adherence to plans.
- Understand ownership and progress against top risks.
- Understand the current supplier security programs at Microsoft and determine the top gaps and risks.
- Review past governance programs for supplier security and determine how the program should be governed in the future across the various business groups.
- Drive the strategy for both the IRMC PMO and the Supplier Security Governance teams.
Deliver risk reduction:
- Drive a supplier security program that is focused on reducing this risk across the company and bringing different groups and data together to make us more efficient and effective in this space.
- Ensure that the IRMC is focused on relevant risks and driving risk reduction (based on measurement).
- Agree with the IRMC on the areas of focus and come up with recommendations on which teams should own these programs and what they should achieve.
Improve processes and procedures:
- Continuously seek out and implement process improvements designed to simplify and improve the efficiency, agility, effectiveness, transparency and relevance of ESG and IRMC.
- Collect regular feedback from stakeholders to drive improvements into the service.
- Oversee the annual refresh of the IRMC program collateral, including Charter/Walking Deck, SharePoint, DLs, and Templates/Branding.
Support incident response efforts:
- Ensure that the team has a consistent incident response process for supplier security related issues that is integrated into the Corporate Security Incident Response Process.
- Be available and ensure the team is trained to support incidents that relate to supplier security.
People Management and Talent Development:
- Manage a team of high performing individual contributors to help with their on-going development.
- Provide real-time team feedback and coaching.
- Participate in Manager meetings and offer insights into how ISRM management can improve.
- Complete all HR people manager requirements.
Qualifications
Required Qualifications:
- BS/BA in Cybersecurity, Computer Science or related field or equivalent work experience.
- 10+ years in a Program Management, Cybersecurity Risk Management, Cybersecurity or related role.
Preferred Qualifications:
- Experience working in security at Microsoft or similar environment.
- Proven ability to drive large scale complex programs with high collaboration and leadership.
- Outstanding communication skills with the ability to clearly articulate complex issues.
- High level of executive maturity and experience working with leadership.
- The ability to analyze problems and make appropriate decisions quickly.
- Ability to deal with ambiguity and agility to learn new skill sets while delivering.
- Supplier Security or Supply Chain Security experience.
- Security certifications (e.g., CISSP, CISM, CEH).
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
