Senior Supply Chain Security Program Manager
Microsoft
Redmond, Washington, United States
Overview
Microsoft’s Cloud business is expanding, and the Cloud Supply Chain (CSCP) organization is responsible for enabling the infrastructure underlying this growth including AI! CSCP’s vision is to empower customers to achieve more by delivering Cloud Capacity Differentiated at Scale. Our mission is to deliver capacity for all cloud services predictably through intelligent systems driven by continuous learning and a world class organization. The CSCP Organization is responsible for traditional supply chain functions such as Plan, Source, Make, Deliver, but also manages supportability (spares), decommissioning and disposition of Data center assets worldwide. We deliver the core infrastructure and foundational technologies for Microsoft's over 200 online businesses including Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Microsoft Azure platform for external customers. Our infrastructure is comprised of a large global portfolio of more than 200 datacenters supporting services for more than 1 billion customers in over 90 countries worldwide.
The Security, Risk & Compliance team is looking for a motivated and experienced leader to join our team. We are hiring a Sr. Supply Chain Security Program Manager. The Sr. Supply Chain Security Program Manager will be part of the risk management team responsible for identifying, assessing, actioning, monitoring, and driving control testing effectiveness, specifically focused on supply chain security risks. This role will influence policies and support the operational cadence of third-party supplier compliance and risk assessments. Therefore, this leader must have experience leading cross-functionally without direct authority. This role will engage with business partners and suppliers to evaluate risks, provide subject matter expertise, and measure the maturity and inherent risks of our supply chain hardware security. You will have the unique opportunity to contribute to the creation of an advanced Supply Chain attack and threat modeling program that will improve supply chain threat awareness. Additionally, this role must collaborate closely with other Microsoft and Azure Cloud security teams to mitigate risks and enhance the overall security posture of our suppliers and hardware.
Qualifications
Required Qualifications:
- 4+ years experience in Security Program or Program Management or related field.
Other Requirements:
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Preferred Qualifications:
- Bachelor's Degree in Business Risks, or related field AND 8+ years experience in Security Program or Program Management
- OR equivalent experience.
- Certified Protection Professional (CPP) or equivalent Protection certification
- OR Physical Security Professional (PSP)
- OR equivalent Physical Security Certification.
Security IC4 - The typical base pay range for this role across the U.S. is USD $94,600 - $183,800 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $122,000 - $200,500 per year.
Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until January 2, 2025.
Responsibilities
- Anticipates and addresses security threats by gathering, analyzing, and evaluating information about existing or potential threats to determine the likelihood of Microsoft hardware or hardware suppliers being targeted. Monitors and manages the development of current, emerging, and evolving threats that could have an impact. Identifies and addresses assets or operations where security is inadequate and could be exploited by a threat. Evaluates geopolitical activities and events, synthesizing key intelligence to inform internal and external stakeholders or employees of potential threats. Informs, escalates, and manages risks to the appropriate teams.
- Identifies and interprets security risks. Selects, implements, and manages measures to mitigate identified risks. Develops strategies and methods to measure the effectiveness of these actions. Drafts mitigation plans and processes, including appropriate risk registers and controls, and helps accountable owners understand and implement these plans. Ensures alignment and agreement with risk reduction plans and processes, and that accountable owners have the capacity to drive the mitigation plan independently. Holds accountable owners responsible for reducing risk and coordinates across different teams to ensure proper tracking and trending.
- Designs, implements, and monitors controls to treat risks. Monitors and manages the effectiveness of measures taken to modify risks. Monitors and manages the security aspects of assets/projects throughout the asset or project lifecycle. Participates in discussions to develop plans of action and milestones to track and mitigate risks.
- Performs analysis to detect advanced security threats, alerts, or risks. Leverages data to deliver actionable insights and drive our threat management and security risk management strategy.
- Contributes to the development of the risk assessment model. Obtains the appropriate datasets internally or externally to ingest into the risk assessment model. Determines what information is needed and how the information is applied in the model independently. Builds and sustains analytical models. Ensures appropriate data is available. Identifies the correct methodology and framework for risk modeling independently. Leverages the appropriate datasets and up-to-date risk methodologies, determines critical information to include in the model(s), and makes in-depth recommendations to update the model, as necessary.
Leadership
- Develops public, private, and supplier partnerships. Engages with the stakeholders and communicates risk assessment findings. Coordinates activities with stakeholders as appropriate.
- Consults stakeholders to provide security capabilities. Collaborates with teams to implement risk management frameworks for identifying and controlling security risks across the CSCP Universe of Risks. Anticipates and addresses global security disruption to drive decision-makers in mitigating risks and responding to residual risks. Summarizes and reports risk analysis findings to internal and external stakeholders and leaders. Advises on strategy to mitigate and respond to residual risks based on its team's anticipation of global and physical disruption.
- Facilitates discussions with internal and external program leaders to establish a strategic vision and service model to improve security operations. Communicates security-related strategy to the respective suppliers and internal stakeholders. Identifies innovation and technology improvements and contributes to the development of new security delivery-related applications and processes. Develops strategy to mitigate and respond to residual risks based on its team's anticipation of global and physical disruption.
- Other