Senior Risk Manager, IT in Redmond, WA


TitleSenior Risk Manager
CategoryInformation technology (IT) & operations
LocationRedmond, WA
DivisionIT
Date AddedMarch 28, 2015
Open Positions2

Information Security and Risk Management (ISRM) is an organization within Microsoft IT that is responsible for delivering secure and available IT solutions and services that drive innovation and business value. ISRM's vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework.

The Enterprise Business Continuity Management (EBCM) and Governance, Risk & Compliance (GRC) team supports the Company's ability to deliver on promises to stakeholders by strengthening continuity and resiliency through reducing risk in a robust, efficient, and pragmatic manner; and, by providing enterprise information security and privacy policies and standards and enabling compliance processes and activities ensuring the security Microsoft's business information.

Do you want to work in a fun and challenging area with passionate and creative people dedicated to helping Microsoft protect its critical information assets and drive risk optimization? Do you want to make company-wide impact through a role that provides incredible opportunities for learning and visibility? If so, the Microsoft Information Security and Risk Management (ISRM) group is looking for an accomplished Program Manager for its Enterprise Business Continuity Management (EBCM) and Governance, Risk and Compliance (GRC) team.

As a key member of our Information Risk Management Council (IRMC) PMO team, you will be responsible for managing and driving processes that enable cross-team collaboration, communication, and risk-reduction for both the direct team and indirect teams across ISRM and the Company. You will take on cross-group, strategic projects based on evolving business needs of Microsoft. This is a highly collaborative and highly visible role, requiring close alignment and communication with various groups within ISRM, Microsoft IT, and across Microsoft. This position requires extensive cross-group coordination at all levels, excellent oral and written communication skills. As this role focuses on reducing risk, the ability to formulate issues and recommendations clearly is a requirement.

Attention to detail, excellent project management skills, and a highly organized, process-focused aptitude are required to manage the variety of responsibilities and deliverables. The successful candidate will be able to work well under pressure and deadlines, must be flexible and have the ability to manage through ambiguity and uncertainty. You will need to think strategically, be able to develop and drive processes and procedures that facilitate consistent, efficient management of business processes, and land these processes via effective communications strategies with leaders at all levels of the organization. You will need to be comfortable working and communicating with all levels of the organization. You will need to have broad risk management experience and information security knowledge.

Primary job responsibilities for this an organization include:

Drive behaviors within Microsoft needed to reduce enterprise risk through the Information Risk Management Council (IRMC).

Enable the IRMC to drive toward outcomes and decisions through effective and relevant meetings.
o Partner with the Governance Lead and rest of the PMO to prep content and support IRMC meetings, including Monthly Core Team Meetings, Quarterly Executive Sponsor Meeting, Extended Team Meetings, and Semi-Annual Offsites.
o Ensure meetings focus on timely, engaging, and relative topics, and drive towards outcomes, decisions, and business value.
o Drive timely closure of action items.

Improve Information Security Governance (Processes and Procedures): Partner with the Governance Lead to seek out and implement process improvements designed to simplify and improve the efficiency, agility, excellence in execution, effectiveness, and transparency of the operation of the IRMC.
o Collect annual feedback in the form of stakeholder interviews and surveys to use results to drive improvements into the service.
o Perform an annual refresh of the IRMC program collateral, including the Portfolio, Processes, and Documentation.

Drive risk reduction and risk programs across the Company.

Identify and reduce enterprise risk by driving cross-organizational collaboration through IRMC-sponsored working groups and initiatives.
o Ensure efforts are prioritized, aligned to common risks, and have clear ownership.
o Drive transparency through clear project baselines, roadmaps and adherence to the PMO processes.
o Understand the details of the working group goals, progress, and status.
o Own and drive working groups or risk management initiatives across the Company including
? Manage working group including setting charters, establishing membership and goals
? Ensure group meets defined risk management goals
? Report on status and issues

Enhance the ability for senior leadership to make responsible and informed risk based decisions.

Support the primary owners of the CIO/COO risk reviews by helping to:
Deliver timely and quality content for Executive Leadership Risk Reviews.
o Partner with the CISO Leadership Team to prep content and facilitate Risk Review meetings, including monthly CIO Risk Reviews, quarterly COO Risk Reviews, and associated prep / QC meetings.
o Ensure meetings focus on timely, engaging, and relative topics, and drive towards outcomes, decisions, and business value.
o Collaborate with content owners to improve quality of presentation content.
o Drive timely closure of action items.

Support the alignment of CIO/COO Risk Reviews with the OERM schedule.
o Manage work-back schedule a minimum of 6 months out.
o Ensure meeting invitations have appropriate attendees.

ISRMSecJobs

ISRMJobs

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.
Apply for this job at Microsoft
Microsoft IT is for those IT professionals and business technology professionals who want to be strategic partners to the business and be the first place to create innovative solutions using all of Microsoft's products and services. Microsoft IT provides career growth opportunities, a rewarding and flexible work environment so you can better integrate professional and personal life. Inspiring what's next, Microsoft IT employees make global impact on thousands of customers and thousands of employees who use Microsoft software and services. Information Security and Risk Management (ISRM) is an organization within Microsoft IT that is responsible for the data protection of Microsoft assets, business and enterprise. ISRM's vision is to ensure all information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework.

The Enterprise Business Continuity Management (EBCM) team is a group within ISRM that supports the Company's ability to deliver on promises to stakeholders by strengthening continuity and resiliency by reducing risk in a robust, efficient, and pragmatic manner.

Are you a Program Manager with strong technical leadership and delivery skills? Are you systems and process oriented? Do you like really big challenges and the chance to make a difference? If you answered 'yes' to these questions, then this job is for you.

This position requires you to understand the strategy and requirements of our business partners and execute on existing IT processes and solutions to optimize their portfolio of work. The Enterprise Business Continuity Management (EBCM) is looking for you to help drive recoverability and resiliency in to the IT enterprise to improve the recovery capability of critical business processes, services and applications. Your knowledge of the designing, testing and building resilient systems in cloud will help drive our programs to the next level of maturity as we drive all of the IT applications to the cloud services and infrastructure thru the adoption of PaaS, SaaS and IaaS across the application portfolio. Your ability to comprehend and communicate key practices in designing for resiliency to the IT service operations community will help drive the maturity.

You will be:
o Developing and updating guidelines and key attributes relating to business continuity, disaster recovery and resiliency
o Demonstrating your ability to execute program plans and testing for business continuity, disaster recovery, plus resiliency
o Sharing your knowledge of data center operations and technologies and Microsoft Azure/cloud technologies
o Working with service engineering management, PM and Managers to drive recovery, stability, and resilience into the architecture and design
o Exercising your strong communication and collaboration skills to work with people from a variety of technical backgrounds for inclusion of resiliency attributes in solution designs
o Working with the Microsoft IT enterprise architecture team to develop roadmaps and execute a service resiliency testing program to verify capabilities
o Leveraging your practical knowledge to execute the business continuity and disaster recovery methodology to increase readiness to recover scores for each BPU and MSIT overall
o Execute disaster recovery and service resiliency testing programs to verify capabilities.
o Work with engineering groups within IT and groups such as Azure and Office 365 to develop end-to-end service resiliency capabilities and maintain program consistency
o Participate in service resiliency standards development and other related cross-company efforts to ensure inclusion of infrastructure strategy and experience
o Develop guidelines and recommendations around failure analysis tools and approaches such as Failure Mode and Effects Analysis (FMEA) to build and improve resiliency
o Training service engineering and development staff on resiliency and disaster recovery implementation tactics as needed
o Ensuring cross company collaboration in all aspects of service resiliency by establishing partnerships with other Microsoft teams involved with IT "first and best" product adoption with emphasis on highly available, geo-diverse, resilient service design, deployment and testing.
o Efforts will include the development and maintenance of a service resiliency strategy in partnership with engineering groups and key stakeholders across IT business process units

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.
Apply for this job at Microsoft