Expoint - all jobs in one place

Microsoft Operational Risk Manager 
United States, Washington 
499232993

10.09.2024

If you love the pursuit of excellence and are inspired by the challenges that come through driving innovations that how the world lives, works and plays, then we invite you to learn more about Microsoft Business Operations (MBO) - and the value we deliver across Microsoft and to our customers and partners. We offer unique opportunities to work on interesting global projects in an environment that appreciates diversity, focuses on talent development, and recognizes and rewards great work.

, assessing, managing and accountability for the most critical risks facing the company. Microsoft has a sizable community of talented individuals in dedicated risk management roles who are responsible for. Operations is uniquely positioned within the company, supporting almost every product Microsoft offers which presents upstream and downstream dependencies.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Required/Minimum Qualifications

  • 6+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance

    • OR Bachelor's Degree AND 4+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance

    • OR equivalent experience.

qualifications

  • Relevant Certification and/or Membership with a relevant risk and compliance domain area association (e.g., International Organization for Standardization [ISO] Lead Auditor, International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCP), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Institute of Internal Auditors (IIA)).

    • The skill set and ability to use the Power Platform suite is a plus.

Risk Management IC4 - The typical base pay range for this role across the U.S. is USD $94,600 - $183,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $122,000 - $200,500 per year. Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until September 24, 2024.

Compliance

  • Utilize understanding of policies, laws, and regulations to make judgments with minimal guidance.
  • Collaborate on compliance strategies, execute compliance tasks, and assist in developing compliance tools and processes.
  • Define and test controls, identify areas for improvement, and ensure delivery of regulations across teams.
  • Conduct routine and complex audits, perform quality data checks, and contribute to compliance reporting with some guidance.
  • Utilizes knowledge of policies, laws, and regulations to make informed decisions independently, aligning with business needs. May interpret this information to safeguard Microsoft and its customers while advancing the business. Identifies non-conformance issues, escalates them to management, and adheres to program guidelines based on corporate policies.
  • ownership and accountability for key risks and mitigation activities with minimal guidance.
  • Continuously reports on risk levels and updates accountability owners on their status.
  • Assists in presenting risk assessment information, detailing relevant behaviors, activities, processes, and associated risks to ensure stakeholder awareness, support, and approval.

Controls

  • Assesses end-to-end operational processes and dependencies for efficiency and effectiveness opportunities. Recommends process and control improvements (e.g., preventative/detective and automated/manual) to mature the control environment.
  • controls to determine their effectiveness and identifies areas for improvement, offering design adjustment suggestions with minimal guidance.
  • identify potential failure points, and ensure routine issues are addressed during the design process with minimal guidance.
  • Conducts periodic reviews of existing controls to ensure they remain effective and relevant to the current risk environment. Provides feedback on control performance and suggests enhancements to improve efficiency and effectiveness.
  • Ensures that controls are aligned with industry standards and regulatory requirements, making adjustments as necessary to stay compliant.

Consult/Advise/Educate

  • Collaborates across teams to ensure consistent application and delivery of regulations and standards, delivering training and beginning to take ownership of training aspects.
  • Advises on compliance of products, processes, and programs.
  • Educates teams on compliance requirements, reviews results, conducts informal assessments, and monitors compliance within specific areas. Translates compliance standards and processes into relatable formats for teams.

Risk Assessment

  • Executes the risk management lifecycle process and method for smaller projects, including data collection and analysis.
  • Gathers and analyzes relevant internal and external information, threat intelligence reports, and conducts interviews or focus groups to identify risks, assess risk levels, and gather additional context with guidance.
  • Compiles information to understand job, project, or process risks and their root causes for routine projects.
  • Scores risks and contributes to risk prioritization using appropriate risk profile scoring. Assists in developing risk scorecards using weighted scores and risk management models with guidance.

Risk Remediation

  • Reviews risk governance to ensure appropriate attention to specific risk areas with minimal guidance. Identifies and escalates concerns related to monitored risks.
  • Drafts mitigation plans and processes, including risk registers and controls, helping accountability owners understand and implement plans to reduce risk with minimal guidance.
  • Ensures alignment and agreement on risk reduction plans and processes, confirming accountability owners' capacity to drive mitigation efforts, and introduces necessary policy adjustments with minimal guidance.
  • Coordinates across accountability owners to ensure proper tracking and trending of risk management activities.

Knowledge and

The ability to understand, interpret, and apply complex regulatory requirements and standards. This includes staying up to date with changes in laws and regulations, analyzing their implications for the organization, and ensuring that compliance and risk management practices align with current legal requirements.

Ethical Judgment

to make ethical decisions and foster a culture of integrity within the organization. This includes and addressing ethical issues, promoting ethical behavior, and ensuring that compliance practices uphold the highest standards of honesty and accountability.

Risk Assessment and Mitigation

The ability to systematically, evaluate, and prioritize risks. This includes developing and implementing strategies to mitigate identified risks through controls, policies, and procedures, and regularly the effectiveness of these measures.

Stakeholder Engagement

The skill to effectively collaborate with various stakeholders, business units, and external partners, to ensure a comprehensive understanding and management of risk. This includes the ability to communicate risk issues and strategies in a way that gains stakeholder buy-in and support.

Process Improvement

The ability to analyze existing control processes, inefficiencies or weaknesses, and implement enhancements. This involves understanding control frameworks, using data analytics to pinpoint areas for improvement, and designing optimized processes that strengthen overall control effectiveness while reducing complexity and cost.

Technical Proficiency

An understanding of relevant software and tools used in testing and optimization, such as data analytics software, and compliance monitoring tools. This skill includes the ability to these technologies to automate testing procedures, analyze large datasets for anomalies, and track control performance over time.


Attention to Detail

A meticulous approach to reviewing documents, reports, and systems to ensure accuracy and compliance with regulatory standards. This involves the ability to spot inconsistencies, errors, and potential areas of non-compliance, ensuring that all aspects of risk and controls management are thoroughly examined.

Reporting Skills

Preparing comprehensive reports, presenting findings, and providing actionable recommendations in a concise and understandable manner.

and address issues related to risk and compliance proactively. This involves developing innovative solutions to mitigate risks, improve control environments, and enhance overall compliance. The ability to think critically and creatively to resolve complex problems efficiently is essential in this role.

Embody our and