At Microsoft's Cloud Operations + Innovation (CO+I) division, we are the driving force behind the cloud platforms and services utilized by millions daily, including a significant portion of Fortune 500 businesses and users of Azure and Microsoft 365. Our team's work is foundational to Microsoft’s mission: empowering every person and every organization on the planet to achieve more. CO+I builds the physical datacenters, networks, fiber paths, and satellite base stations around the world that support Microsoft’s entire cloud business strategy. In the role of Director Risk Governance within the CO+I Risk Management team, you'll assume a pivotal role in shaping and implementing risk governance processes, mitigating strategic and operational risks through stakeholder engagement, and ensuring compliance with industry, regulatory, and legal obligations. Your contributions will be instrumental in managing risks across our global portfolio, collaborating closely with diverse teams and experts within Microsoft, and influencing critical business decisions to help CO+I build and operate secure, compliant, and resilient cloud infrastructure at scale.This role offers flexibility, allowing you to collaborate with your manager to tailor your work environment—whether that means working from the office or remotely. Join us in this dynamic role, where you'll drive impactful change and contribute significantly to Microsoft's cloud business strategy. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. As employees we come together with a growth mindset, innovate to empower others and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. ResponsibilitiesPeople Management
Managers deliver success through empowerment and accountability by modeling, coaching, and caring.
Model - Live our culture; Embody our values; Practice our leadership principles.
Coach - Define team objectives and outcomes; Enable success across boundaries; Help the team adapt and learn.
Care - Attract and retain great people; Know everyone’s capabilities and aspirations; Invest in the growth of others.
Risk Governance
Design robust risk governance frameworks, processes and stakeholder engagement strategies tailored to our organization's specific needs and regulatory requirements.
Operationalize risk governance to ensure seamless integration into daily operations and decision-making processes.
Influence stakeholder adoption of risk management standard guidelines for risk ownership identification and assignment of accountability for top risks and top mitigating activities at appropriate levels.
Establish reporting and updating procedures with accountability owners and ensure they are followed.
Develop and implement performance metrics to measure the effectiveness of risk governance activities.
Collaborate with cross-functional teams to embed a culture of risk awareness and accountability throughout the organization.
Provide training and support to stakeholders on utilizing risk governance tools and interpreting data insights effectively.
Educate employees on risk management principles, processes, and their responsibilities; foster a risk-aware culture within the organization by promoting awareness and understanding of risk management across all levels.
Drive continuous improvement initiatives to enhance the efficiency and effectiveness of risk governance processes.
Keep abreast of industry trends, regulatory developments, and emerging technologies to innovate and evolve our risk governance capabilities.
Risk Remediation
Oversee creation of mitigation plans and processes, incorporating risk registers and controls on risks, and helping accountability owners understand the plans to reduce risk.
Collaborate with cross-functional governance teams/risk management owners to ensure mitigation implementation strategies are appropriately established and accountability holders are held responsible.
Coordinate with different accountability owner's leadership to ensure teams are tracking and trending properly.
Ensure risk areas are receiving the appropriate amount of attention and oversee process on any necessary follow-ups.
Set best practices for identifying risk policy or procedure, risk ownership, or contractual language issues from relevant stakeholders for a portfolio of projects and/or risks.
QualificationsMinimum Qualifications:
8+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance
OR Bachelor's Degree AND 6+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance
OR equivalent experience.
Experience initiating and/or managing programs or projects in a rapidly changing or ambiguous environments that led to substantial improvements in risk.
1+ years of people management experience.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
Bachelor's Degree in Risk Management, Engineering, Government Intelligence, Security, Cybersecurity, or Information Technology, or related field AND 15+ years’ experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance
Membership with a relevant risk domain area association including: International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCB), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Institute of Internal Auditors (IIA).
Risk Management M6 - The typical base pay range for this role across the U.S. is USD $124,800 - $266,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $159,000 - $292,200 per year.Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay#COICareersMicrosoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html) .
