Job Information
Microsoft Corporation Senior Security Compliance Program Manager - CTJ - Poly in Annapolis Junction, Maryland
The Global CO+I Physical Security team is organized within CO+I and falls under its Cloud Infrasolution and Services, Security, Safety and Governance (CISS) team. The Global CO+I Physical Security team is dedicated to delivering the most trustworthy and efficient physical security services to protect the personnel, infrastructure, data and confidential information foundational to the Microsoft Cloud. Our vision is to be the most reliable, rigorous and trusted industry provider of hyperscale cloud physical security.
This position falls under the US AGC Compliance and Security group within the Global CO+I Physical Security organization. The US AGC Compliance and Security team combines Microsoft’s extensive datacenter security experience with the rigorous standards of our U.S. Government partners to create the most secure cloud computing environments anywhere, enabling the mission-critical capabilities needed to keep our nation at the forefront of technology. Microsoft runs on trust and a robust physical security program is essential to meeting our customer commitments to secure their data.
We are seeking a motivated and talented Senior Security Compliance Program Manager to partner with Datacenter Development (DCD), Datacenter Engineering (DCE), and Security Design and Delivery teams to ensure that datacenter facilities supporting secure Government operations are designed in compliance with ICD705, NISPOM, and other applicable U.S. Government standards. Additionally, this individual will ensure that the above teams and CO+I at large (and their suppliers) remain compliant with internal and external, including federal government-established, security requirements. Specifically, the role holder will help ensure compliance during the procurement, pre-construction, construction, and operational lifecycle phases of datacenter programs supporting unique customers and initiatives, including projects and programs for the U.S. Government. Preferably, the individual will have significant experience working within/for U.S. Government programs that require a security clearance, and subject matter expertise in integrating U.S. Government requirements into the private sector, preferably in companies that have a diverse workforce and design, construct, and operate facilities.
This position reports to the Director, Secure Build and Compliance within the US AGC Compliance and Security team and must be an experienced thought leader and a team player, possess strong communication, collaboration, and relationship management skills, and effectively manage a demanding workload in the execution of multiple concurrent projects and work streams across organizational boundaries.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Develop, create, implement, and manage physical security policies, plans, processes and training material that position CO+I to operate in a manner that is compliant with relevant U.S. Government (and/or other unique environment) security standards and requirements for the physical design, construction, and operation of highly confidential and regulated projects.
Review datacenter architectural, electrical, and security systems designs, ensuring compliance with U.S. Government security standards required for customer compliance.
Review contractor submittals and verify compliance with contract specifications and U.S. Government security standards.
Continuously improve the efficiency and maturity of the overall compliance program, seeking data and recommending strategies and ideas to reduce churn, optimize resources, implement creative solutions to problems, scale, automate and simplify processes whenever possible.
Conduct field site visits to assess the state and health of security compliance; document issues identified during those visits requiring improvement; and follow through on recommendations/actions to resolution.
Collaborate across internal groups, external suppliers, and customers.
Oversee assigned projects to ensure they are delivered in accordance with established requirements, deadlines, and applicable compliance obligations, laws, standards, regulations, and company policy.
Maintain confidentiality, information and material handling, and privacy without exception.
Represent Microsoft in engagements with external entities and the U.S. Government.
Other:
- Embody the Microsoft One culture and values.
Qualifications
Required / Minimum Qualifications:
4+ years experience in Security Program or Program Management or related field.
Ability to travel approximately 25% of the time in both planned and unplanned scenarios.
Other Requirements:
Security Clearance Requirements: Candidates must be able to meet Microsoft, customer and/or government security screening requirements for this role. These requirements include, but are not limited to, the following specialized security screenings:
The successful candidate must have an active U.S. Government Top Secret Clearance with access to Sensitive Compartmented Information (SCI) based on a Single Scope Background Investigation (SSBI) with Polygraph. Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. Failure to maintain or obtain the appropriate U.S. Government clearance and/or customer screening requirements may result in employment action up to and including termination.
Clearance Verification: This position requires successful verification of the stated security clearance to meet federal government customer requirements. You will be asked to provide clearance verification information prior to an offer of employment.
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Citizenship & Citizenship Verification: This position requires verification of U.S. citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local United States government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, citizenship will be verified via a valid passport, or other approved documents, or verified U.S. government clearance.
Preferred / Additional Qualifications:
Bachelor's Degree in Business Risks, or related field AND 8+ years experience in Security Program or Program Management OR equivalent experience.
Experience working to deliver campus or multi-site security operations for facilities housing U.S. Government classified and other sensitive information.
Assess and communicate risk and mitigation strategies to non-security audiences, supporting operational needs and maintaining security compliance.
Working knowledge of ICD705, NISPOM and other standards for the protection of U.S. Government information.
Experience developing and documenting standard operating plans, procedures and processes.
Experience in construction oversight, ensuring designs and methods comply with U.S. Government standards, including ICD705.
Confident and skilled in preparing and delivering procedures, training, presentations and briefings to vendors/suppliers, customers, senior leaders, and executives.
Experience making and influencing good decisions that impact mission-critical, 24x7 operations environment.
Trusted work and compliance ethic with the ability to effectively prioritize and execute tasks in a dynamic and high-pressure environment.
Analytical and process improvement skills to produce data driven insights and associated process change.
Ability to change plans, goals, actions and priorities in response to an evolving business environment with awareness to operate as a champion for course corrections when necessary.
Proficient in the use of Microsoft Office products for business.
Security IC4 - The typical base pay range for this role across the U.S. is USD $94,600 - $183,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $122,000 - $200,500 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until December 24, 2024.
Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).