for Program Manager 2

Job Description

Application Risk Program ManagerThe Trust & Integrity Protection (TrIP) team has an immediate opening for an Application Risk Program Manager to help shape and implement data protection requirements across our vast tools and technology ecosystem. TrIP develops strategies, architects solutions, and executes programs that enable customer data protection including privacy, security, governance, risk, & compliance solutions, and provides guidance and oversight across the Worldwide Commercial Business.In this role, you will act as a member of the TrIP team to review and improve application and infrastructure security across the worldwide commercial business. This is a technical PM role, so you will use structured analysis and innovative software technology to improve the security of our business.Our team values collaboration, and proactively sharing best practices to help make our whole team better. You will work with a team of collaborative security professionals who will value you as an individual and support your professional development.In this role, you will work independently, or as part of a team to provide thought leadership and subject matter expertise related to the security and privacy of tools in WCB. Key to this role is the technical aptitude and operational ability to leverage a risk-based mindset to highlight risks and impacts. Also critical are proficient program management skills, the ability to influence cross-discipline projects, to work in a quickly changing area, and be able to represent your work to partners and leadership.Responsibilities
• Perform thorough, documented control reviews of applications and platforms, to identify security, privacy, continuity, fraud protection and compliance-related gaps.
• Design and develop assessment measures for the Software Assurance Program as it applies to applications and services to achieve clear and measurable outcomes for the business.
• Lead cross-organizational teams to create and maintain application risk guidance
• Drive programmatic change across WCB to improve the overall risk posture of our technology stack
• Build and nurture positive working relationships with stakeholders and leadership, and be engaged as a trusted advisor
• Consult on Protective Measures once gaps are identified in the data protection process
• Actively create opportunities for synergies across customer, partner, and internal groups to drive long-term solutions and shared roadmaps in the application risk space.
• Develop Reporting and metrics to enhance tracking inside the application risk program
• Work closely with various Engineering organizations and Tool owners to support programmatic initiatives
• Maintain hours of core availability between 14:00 and 17:00 UTC.
,Minimum Qualifications:
• 6+ years of combined technical risk management, technical risk consulting, and/or software security work experience.
• Demonstrated ability to incorporate diverse perspectives to thoroughly address complex business issues.
• Ability to collaborate with other professionals, remove barriers to progress, and lead cross organizational teams to accomplish complex technical objectives.
• Understanding of data security concepts, such as Application Static Analysis Testing, encryption mechanisms, and network security controls with emphasis on Microsoft technologies.
• Understanding of contemporary cloud computing models (IaaS, PaaS, Saas) with emphasis on Microsoft technologies
• Bachelor s degree in Computer Science, Information Technology, or Computer Security.
Additional Qualifications:
• Demonstrated ability to perform complex process reviews, interpret the results and articulate the findings in a clear and concise manner
• Experience in software program management, Feature Program Manager, or equivalent.
• Working knowledge of and with:
  • Various data protection frameworks and regulatory/compliance requirements such as NIST, COBIT, Cloud Security Alliance, ISO27001/27018, GDPR
  • Security Development Lifecycle (SDL) and Software Development Life Cycle (SDLC), its stage gates and requirements
  • ADO (Azure DevOps), VSO (Visual Studio Online) or other code management, release management, config tools
  • Vulnerability categorization methodologies, such as MITRE CVE, OWASP Top Ten or similar
• Familiarity of 1CS (One Compliance System), ServiceTree, Liquid (Requirements Catalog), eGRC, and/or other compliance-related tools preferred
• Excellent written and oral communication skills with the ability to tailor communications based on audience
• Ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into an extremely dynamic environment
Location: Hyderabad, Andra PradeshTravel: Will not normally be required.Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form .Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Keyskills :
agileprogram managementproject managementdeliverymanagement