San Francisco, CA, United States
Jan 06, 2021
Apr 21, 2021
Engineering Program Manager/Compliance Manager
Group: Digital Security Risk Engineering (DSRE) – Governance Risk Continuity & Compliance (GRCC), Federal GRCC Team
Please note: This role may have the ability to work remotely.
Core Services Engineering builds and manages the critical products and services that Microsoft runs on. We boldly pursue big ideas that power transformational advances at Microsoft and for our customers, while helping Microsoft teams work smarter, faster, and more securely every day. Core Services Engineering employees have deep technical and business expertise, customer insights, and a clear point of view that comes from first-hand, large-scale experience with Microsoft and industry solutions. We are engineers, technology leaders and experts, digital transformation change agents, and customer advocates. We have exciting opportunities for you to innovate, influence, transform, inspire, and grow within our organization and we encourage you to apply to learn more!
Do you have a passion for cybersecurity, compliance, and engineering? Like working across a complex organization while influencing different teams? Enjoy solving complex problems and difficult challenges? Are you an excellent communicator who loves to write for, and present to, senior leaders? Are you good at clarifying complex ideas? Microsoft is looking for an experienced program manager to drive compliance and audit readiness with our Federal engineering teams as part of our Federal Governance, Risk, Continuity, and Compliance (GRCC) Team.
The Federal GRCC Compliance Manager will be responsible for overseeing, coordinating, and communicating compliance efforts to the CSEO Engineering teams building, maintaining, and supporting the Federal environments for Microsoft. This will include maintaining an awareness and effective management of business, technology, and information risks, issues, and opportunities within the environment. Working with the Federal GRCC Lead and team members, you will help execute the strategic direction for the program, setting and providing requirements for engineers via user stories, and providing advice and guidance to the senior leaders and engineers to enable the Federal environment to meet regulatory requirements and customer commitments. As a part of the Federal team, you will be expected to help identify and drive process changes to better manage risk and compliance in an open, collaborative environment where new ideas and modern technical solutions. In this role, you will apply your attention to detail, proactive thinking, problem solving, engineering know-how, collaboration, and communication skills to explain, influence, and enable compliance with Federal cybersecurity regulations.
The ideal candidate has excellent organizational and communication skills, in-depth experience working with federal cybersecurity and privacy regulations (e.g. CMMC, DFARS, DoD SRG, FedRAMP, NIST 800-171, ITAR), an engineering or service engineering background, command of engineering best practices, and experience in raising the quality of existing solutions. Qualified candidates will have experience dealing with auditors, preferably in the federal services industry, and working with engineers – ideally from a risk/compliance perspective. The role demands a focused individual who thrives in a fast-paced, dynamic, and collaborative team environment. Candidates must also display strong judgment, leadership, and integrity.
Core responsibilities will include:
Drive Engineering Compliance and Audit Readiness for the Federal GRCC program:
Understand and integrate with all the federal compliance and engineering programs at Microsoft.
Drive the Federal GRCC compliance program across impacted teams.
Stay current on the changing regulatory environment and understand the impacts to the organization.
Understand regulatory and customer requirements and develop user stories based on requirements to support the engineers’ ability to be compliant across the Federal services.
Create and manage audit plans including activities (plans to assess control compliance), timelines, and dependencies.
Coordinate and manage internal and external audits/certifications.
Maintain program reporting and dashboards (status, milestones, etc.)
Drive cross-organizational collaboration:
Coordinate with various federal teams within GRCC and work with Engineering Groups, Legal, Technical Operations, and Cybersecurity teams to collect materials needed to meet the audit requirements.
Interact directly with senior leaders and cross-functional teams to explain audit requirements.
Partner, interact, and support internal delivery teams and provide guidance on policies, standards, and procedures.
Create and drive requirements to the security & risk engineering team to ensure the on-going development of required tools to support the Federal GRCC program.
Support program management activities across the different federal programs at Microsoft.
Represent Microsoft with Customers and Auditors:
Ensure audits are appropriately planned and coordinated.
Work with relevant engineering and risk teams to prepare documentation for audits.
Facilitate and support discussions and respond to auditor and customer inquiries.
Ensure all audit and customer follow ups are addressed and completed.
Improve processes and procedures:
Analyze information to proactively identify risks, trends, and process improvements, and support reporting on risk topics to management.
Continuously seek out and implement technology and process improvements designed to simplify and improve the efficiency, agility, effectiveness, transparency, and relevance of the program.
Perform review of control design for gaps and weaknesses and drive control improvement.
Proficiency in structured problem solving and in effectively leading others in root cause corrective action analysis.
BS/BA in Cybersecurity, computer science, risk management, auditing, or related field or equivalent work experience.
6 years of experience in Engineering Program Management, Cybersecurity Risk Management, Compliance, or a related role.
The successful candidate must be a U.S. Citizen. Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
Ability to deal with ambiguity and agility to learn new skill sets while delivering.
Experience in participating in/contributing to major audits or working with auditors (particularly government audits).
Proven ability to drive complex programs across business and engineering teams with high collaboration and leadership.
Outstanding communication skills with the ability to clearly articulate complex issues.
High level of executive maturity and experience working with leadership.
Deep knowledge and understanding about industry compliance and security standards including one or more of the following: CMMC, DFARS, DoD SRG, FedRAMP, NIST 800-171.
Information Security & Compliance certifications (CISSP, CISA, CISM, etc.).
Direct experience working with cloud platforms and solutions.
Diverse knowledge of control methods, techniques, and standards.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Citizenship Verification: This position requires verification of US Citizenship to meet federal government security requirements.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form at https://careers.microsoft.com/us/en/accommodationrequest .