Expoint - all jobs in one place


Microsoft Risk Manager 
United States, Texas, Irving 
809618109

10.12.2024

Required/Minimum Qualifications

  • 4+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, and/or Finance
    • OR Bachelor's Degree AND 2+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, and/or Finance
    • OR equivalent experience.

Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide proof of citizenship, U.S. permanent residency, or other protected status (e.g., under 8 U.S.C. § 1324b(a)(3)) for assessment of eligibility to access the export-controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.

This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Additional or Preferred Qualifications

  • Bachelor's Degree in Risk Management, Engineering, Government Intelligence, Security, or Information Technology, or related field AND 5+ years experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance
    • OR equivalent experience.
  • Membership with a relevant risk domain area association including: International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCB), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Institute of Internal Auditors (IIA).

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until December 18, 2024.

Risk Assessment

  • Executes the process and methodology for the risk management lifecycle (e.g., data collection and data analytic methods) for projects smaller in scope and duration.
  • Gathers relevant internal and external information and/or reports (e.g., threat intelligence reports). Gathers and analyzes information from client team representatives and conducts interviews or focus groups with job incumbents to identify risks, determine the degree of risks within the work environment, identify any relevant data sources, and gather additional relevant context with guidance. Compiles information to understand the risk associated with the job, project, or process and root causes of the risks on routine projects.
  • Scores risks and contributes to risk prioritization using appropriate risk profile scoring. Assists in the development of risk scorecard(s) by applying weighted scores to identified risks, leveraging risk management models and rating criteria, with the guidance of others on routine projects.

Risk Governance

  • Assists in presenting risk assessment information describing relevant behaviors, activities, or processes and the identified risks associated with them to ensure awareness and support, and gain approval from relevant stakeholders.
  • Identifies ownership and helps determine accountability to stakeholders for top risks and top mitigating activities with minimal guidance. Reports on the level of risks continuously and supports updating the accountability owners on the status.

Risk Remediation

  • Drafts mitigation plans and processes with minimal guidance (including appropriate risk registers and controls on risks) and helps accountability owners understand the plans to reduce risk. Ensures alignment and agreement with risk reduction plans and processes, and that accountability owners have the capacity to drive the mitigation plan and adds friction to the policy, with minimal guidance. Coordinates across the different accountability owners to ensure teams are tracking and trending properly.
  • Assists in the review of risk governance to ensure a particular risk area is receiving the appropriate amount of attention with minimal guidance. Identifies and escalates any concerns related to risks being monitored.

Data Analytics and Risk Insights

  • Obtains the appropriate datasets internally or externally to ingest into the risk assessment model with minimal guidance. Assists in determining what information is needed and how the information is applied in the model. Builds and sustains analytical models. Ensures appropriate data is available.
  • Executes on work to identify the correct methodology and framework for risk modeling using templates. Leverages the appropriate datasets and up-to-date risk methodologies, and makes recommendations to update the model as necessary.
  • Learns to identify pertinent information from risk assessment modeling output to gather risk insights on resource prioritization, root causes, risk identification, and top risk-related mitigation with minimal guidance.

Issue and Exception Management

  • With guidance, identifies risk policy or procedure, risk ownership, or contractual language issues within a single business area from relevant stakeholders. Attends regular rhythm of business (RoB) meetings to gather insights on issues from others.
  • Executes process for policy and procedure exception requests. Ensures understanding of the request rationale and presents any alternative options for compliance with minimal guidance. Provides recommendations for appropriate mitigation plans and timelines for exception expirations on routine projects with minimal guidance.

Other

  • Embody our and