Microsoft Operational Risk Manager

Job Details

Posted date: Sep 10, 2024

Category: Governance, Risk, & Compliance

Location: Redmond, WA

Estimated salary: $147,550
Range: $94,600 - $200,500

Employment type: Full-Time

Work location type: Up to 50% work from home

Role: Individual Contributor


Description

If you love the pursuit of excellence and are inspired by the challenges that come through driving innovations that impact how the world lives, works and plays, then we invite you to learn more about Microsoft Business Operations (MBO) - and the value we deliver across Microsoft and to our customers and partners. We offer unique opportunities to work on interesting global projects in an environment that appreciates diversity, focuses on talent development, and recognizes and rewards great work.

We are looking for an Operational Risk Manager to join the team. In this role, you will enable business strategy through a programmatic and global approach to risk management, by methodologically determining, assessing, managing and establishing accountability for the most critical risks facing the company. Microsoft has a sizable community of talented individuals in dedicated risk management roles who are responsible for making our business objectives more likely to be realized and to protect one of the world’s most valuable brands. Operations is uniquely positioned within the company, supporting almost every product Microsoft offers, which presents upstream and downstream dependencies.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Compliance

Utilize understanding of policies, laws, and regulations to make judgments with minimal guidance. Collaborate on compliance strategies, execute compliance tasks, and assist in developing compliance tools and processes. Define and test controls, identify areas for improvement, and ensure delivery of regulations across teams. Conduct routine and complex audits, perform quality data checks, and contribute to compliance reporting with some guidance.

Governance

Utilizes knowledge of policies, laws, and regulations to make informed decisions independently, aligning with business needs. May interpret this information to safeguard Microsoft and its customers while advancing the business. Identifies non-conformance issues, escalates them to management, and adheres to program guidelines based on corporate policies. Determines ownership and accountability for key risks and mitigation activities with minimal guidance. Continuously reports on risk levels and updates accountability owners on their status. Assists in presenting risk assessment information, detailing relevant behaviors, activities, processes, and associated risks to ensure stakeholder awareness, support, and approval.

Controls

Assesses end-to-end operational processes and dependencies for efficiency and effectiveness opportunities. Recommends process and control improvements (e.g., preventative/detective and automated/manual) to mature the control environment. Tests controls to determine their effectiveness and identifies areas for improvement, offering design adjustment suggestions with minimal guidance. Collaborates with the team to define controls, identify potential failure points, and ensure routine issues are addressed during the design process with minimal guidance. Conducts periodic reviews of existing controls to ensure they remain effective and relevant to the current risk environment. Provides feedback on control performance and suggests enhancements to improve efficiency and effectiveness. Ensures that controls are aligned with industry standards and regulatory requirements, making adjustments as necessary to stay compliant.

Consult/Advise/Educate

Collaborates across teams to ensure consistent application and delivery of regulations and standards, delivering training and beginning to take ownership of training aspects. Advises on compliance of products, processes, and programs. Educates teams on compliance requirements, reviews results, conducts informal assessments, and monitors compliance within specific areas. Translates compliance standards and processes into relatable formats for teams.

Risk Assessment

Executes the risk management lifecycle process and method for smaller projects, including data collection and analysis. Gathers and analyzes relevant internal and external information, threat intelligence reports, and conducts interviews or focus groups to identify risks, assess risk levels, and gather additional context with guidance. Compiles information to understand job, project, or process risks and their root causes for routine projects. Scores risks and contributes to risk prioritization using appropriate risk profile scoring. Assists in developing risk scorecards using weighted scores and risk management models with guidance.

Risk Remediation

Reviews risk governance to ensure appropriate attention to specific risk areas with minimal guidance. Identifies and escalates concerns related to monitored risks. Drafts mitigation plans and processes, including risk registers and controls, helping accountability owners understand and implement plans to reduce risk with minimal guidance. Ensures alignment and agreement on risk reduction plans and processes, confirming accountability owners' capacity to drive mitigation efforts, and introduces necessary policy adjustments with minimal guidance. Coordinates across accountability owners to ensure proper tracking and trending of risk management activities.

Regulatory Knowledge and Interpretation

The ability to understand, interpret, and apply complex regulatory requirements and standards. This includes staying up to date with changes in laws and regulations, analyzing their implications for the organization, and ensuring that compliance and risk management practices align with current legal requirements.

Ethical Judgment

The ability to make ethical decisions and foster a culture of integrity within the organization. This includes identifying and addressing ethical issues, promoting ethical behavior, and ensuring that compliance practices uphold the highest standards of honesty and accountability.

Risk Assessment and Mitigation

The ability to systematically identify, evaluate, and prioritize risks. This includes developing and implementing strategies to mitigate identified risks through controls, policies, and procedures, and regularly monitoring the effectiveness of these measures.

Stakeholder Engagement

The skill to effectively collaborate with various stakeholders, business units, and external partners, to ensure a comprehensive understanding and management of risk. This includes the ability to communicate risk issues and strategies in a way that gains stakeholder buy-in and support.

Process Improvement

The ability to analyze existing control processes, identify inefficiencies or weaknesses, and implement enhancements. This involves understanding control frameworks, using data analytics to pinpoint areas for improvement, and designing optimized processes that strengthen overall control effectiveness while reducing complexity and cost.

Technical Proficiency

An understanding of relevant software and tools used in controls testing and optimization, such as data analytics software, and compliance monitoring tools. This skill includes the ability to utilize these technologies to automate testing procedures, analyze large datasets for anomalies, and track control performance over time.

Attention to Detail

A meticulous approach to reviewing documents, reports, and systems to ensure accuracy and compliance with regulatory standards. This involves the ability to spot inconsistencies, errors, and potential areas of non-compliance, ensuring that all aspects of risk and controls management are thoroughly examined.

Reporting Skills

Preparing comprehensive reports, presenting findings, and providing actionable recommendations in a concise and understandable manner.

Problem-Solving

The ability to identify and address issues related to risk and compliance proactively. This involves developing innovative solutions to mitigate risks, improve control environments, and enhance overall compliance. The ability to think critically and creatively to resolve complex problems efficiently is essential in this role.

Other

Embody our culture and values



Qualifications

Required/Minimum Qualifications

6+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance

OR Bachelor's Degree AND 4+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance

OR equivalent experience.

Additional qualifications

Relevant Certification and/or Membership with a relevant risk and compliance domain area association (e.g., International Organization for Standardization [ISO] Lead Auditor, International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCP), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Institute of Internal Auditors (IIA)).

The skill set and ability to use the Power Platform suite is a plus.

Risk Management IC4 - The typical base pay range for this role across the U.S. is USD $94,600 - $183,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $122,000 - $200,500 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until September 24, 2024.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.


