Applicants must be eligible to work in the specified location
Job Category: Customer Service & Support
Location: Redmond, WA, US
Job ID: 831874-107749
Division: Services & Support
Director - Governance, Risk and Compliance Director
Location - United States, WA Redmond
Microsoft Worldwide Services' Information Protection & Governance Team (IPG) is responsible for driving customer trust, confidence and loyalty by building and implementing a world-class data protection program, and ensuring compliance with the privacy and security commitments embedded in that program. This includes accounting for and addressing legal and policy considerations, as well as customer expectations.
We are looking for a seasoned professional to direct the governance, risk and compliance (GRC) elements of the global Services Data Protection Program. The Director will run the GRC program and take responsibility for all associated tools, controls, processes, and monitoring for WW Services. The individual will also drive integration of all relevant lines of business with the program. In addition, the Director will help prepare other groups to participate in various audits and achieve various certifications (ISO 27001, FISMA, HIPAA, EU Model Clauses, etc.).
Our group values strong cross-team communication & collaboration. We are looking for a candidate who is both a thinker and a doer, and who is very strong in working across teams to lead and build consensus, resolve conflicts, and create positive long-term working relationships. You should also be able to work in a quickly changing environment and be able to represent IPG to customers, partners, and internal or external leadership.
The successful candidate will have experience building programs and GRC strategies that are aligned with business priorities, and will have established him or herself as a strategic and trusted partner and GRC expert across a large, matrixed, global organization. The candidate will be a multi-tasker with the ability to manage several complex projects at the same time, and a self-motivated, high-energy, self-confident, proven achiever with the ability to drive for results. The candidate will demonstrate an ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into an extremely dynamic environment. The candidate will also have the ability to work closely with executive-level leadership within the company to inform, influence, and collaborate, and will be skilled at collaborating effectively across multiple groups and at influencing outside of the organization.
Responsibilities:
Lead a high performing team, and deliver against an aggressive set of commitments
Partner with other team members and business leaders across the division to define strategy and operationalize it
Work closely with other organizations across Microsoft to drive efficiencies and share solutions; bring change management skills and methodologies to bear in driving organizational change
Build and manage incident response framework
Develop and manage the annual budget
Define performance metrics, establish measurement capabilities, and demonstrate business impact.
Set up regular review mechanisms with business leadership through a defined performance metric program to ensure measurement, evangelism and education.
Provide challenging assignments to develop skills for individual contributors. Help develop annual recruiting, hiring and employee retention plans for team.
Help prioritize project work and improvement programs based on team resources, capabilities, time and team focus.
Create a working environment that motivates and inspires others to accomplish business goals.
Quickly gain an in-depth understanding of the technology used within the organization
Design and effectively implement simple and scalable compliance controls frameworks, security controls, processes, and policies to ensure compliance with legal regulations, corporate policies, and customer commitments.
Identify trends in compliance activities and execution and, when appropriate, implement effective mitigation strategies with groups across the organization.
Continuously monitor the status and effectiveness of compliance across service offerings, providing reporting and escalation when needed.
Create plans to scope, execute and reconcile periodic pre-audits.
Perform complex process reviews, interpret the results and understand cost impacts.
Work with other teams to track and report on current and future compliance issues.
Drive and report on remediation activities related to non-compliance
Prepare impact/risk analyses so that management can assess how implementing security control, initiative and policy recommendations affects business requirements.
Collaborate with LCA, TWC, MSIT and other information governance organizations to monitor emerging requirements globally to determine the impact to existing business practices and represent Services on cross-company security response efforts.
Communicate program status to stakeholders.
Qualifications:
Minimum 10+ years' experience in the IT or software industry or in business/IT consulting services
10+ years of solution, project, process, operations, and/or change management with proven track record of successful delivery
5+ years senior-level management experience leading very large mission critical programs that involve driving significant technology or process change
Minimum BS/BA degree in Information Systems or a related field; MBA or JD preferred but not required
In-depth understanding of information security and privacy standards, laws, and regulations, security risk management, control protocols, methodologies, and practices. In particular, exposure to ITIL methodology, ISO 27001, FISMA, NIST 800-53, FedRAMP standards and controls
Very strong verbal and written communication skills, strong interpersonal skills
Proven ability to influence and communicate at senior levels
Very strong cross-group collaboration skills
Excellent written and verbal communication skills, and the ability to represent Microsoft externally
Business process design methodology and implementation
Relevant professional certifications desired (CISSP, CISM and/or CISA).
Interested in learning more about Customer Service & Support? Follow us on Twitter @MicrosoftCSSjob, become a fan on Facebook under "Microsoft Customer Service and Support", and find our blog at http://blogs.msdn.com/b/peoplefirst.
Redmond WA, United States of America
Microsoft
JS831874-107749
5/14/2013 2:00:37 AM