Senior Security Program Manager
Location: Redmond, Washington
Job Type: Contract
Job Order Number: 16655
Do you want to work in a fun and challenging area with passionate and creative people dedicated to helping Microsoft protect its critical information assets and reduce risk? Do you want to have company-wide impact driving compliance with Microsoft’s Security Policy by driving remediation of high-risk security findings/issues across developer environments? If so, Microsoft’s Security Risk Management & Reduction (SRM&R) team is looking for a Senior Program Manager to remediate systemic issues in developer environments such as Azure DevOps (ADO).
The SRM&R team drives the identification, acknowledgement, reduction, and reporting of top enterprise information security risks; and increases productivity, accuracy, and effectiveness by implementing automation and action-oriented metrics. This position plays a critical role in improving the security health of these corporate functions to contribute to their journey towards more modern engineering practices.
The ideal candidate has well-developed communication skills, is well organized, and has experience working with a diverse set of individuals such as engineers, program managers, and risk managers across different organizations.
Responsibilities will include:
• Leading end-to-end remediation campaigns targeted at securing the developer environment. This includes everything from campaign initiation/planning through execution and close-out.
• Partnering with infrastructure and service owners operating within the development environment on “stay green” security solutions to sustain risk mitigations after a remediation campaign has been closed out.
• Contributing to the strategic direction of the broader program to secure Microsoft’s developer environment and build pipelines.
• Conducting regular meetings with executive risk owners to inform and alert them of any risk arising from active remediation campaigns within their organization to influence action and decisions.
• Planning, preparing, and hosting technical support forums such as brown bags, office hours, and email correspondence intended to accelerate remediation across a diverse set of engineers and IT professionals.
Required qualifications:
• 5+ years’ experience in Information Technology, Cybersecurity, or Compliance-related engineering roles.
• 5+ years’ project management & program governance skills, including hands-on experience leading cross-org projects and sustaining a program.
• Proven experience working with developers to recognize insecure patterns and establishing innovative ways for developers to incorporate secure development practices (e.g. standards and automation) in every step of the software development life cycle.
• Comprehensive knowledge of DevSecOps practices with an eye toward securing DevOps collaboration service platforms such as ADO Services and GitHub.
• Ability to understand/discuss a broad range of technology and business issues with a focus on supply chain security.
• Proven experience in delivering excellent verbal and written communications to middle management and senior leadership.
Preferred, not required:
• Experience using structured data tools such as Azure Data Explorer (Kusto), PowerBI, and Excel to gather, analyze, and report data.
• Experience using RSA Archer or similar GRC tools to support Issue Management and/or Compliance workflows.
• Project Management Professional (PMP) certification.
• Privacy or information security certifications such as CIPP, CISSP, CISA, CISM, CFE, CGRC, CRISC, CGEIT, etc.
• BS/BA in Computer Science, Business, or related field or equivalent experience.
• 3+ years of software developer experience.