We are looking for an engineer who excels at working across teams to drive compliance for the industry solutions we are building across the Microsoft Cloud - Dynamics 365, Power Platform, Azure, and Microsoft 365 - to help drive digital transformation in industries.
The urgency for entire industries to transform at scale has never been greater. In response, we, at Microsoft, have accelerated our efforts to support and co-innovate with customers and partners with industry-specific cloud offerings that can provide a launchpad for further innovations. In Feb 2021, we announced three new industry-specific cloud offerings: Microsoft Cloud for Financial Services, Microsoft Cloud for Manufacturing, and Microsoft Cloud for Nonprofit, in addition to an update for Microsoft Cloud for Healthcare and a Preview for Microsoft Cloud for Retail.
We created the Microsoft Industry Clouds by bringing together common data models, cross-cloud connectors, workflows, APIs, and industry-specific components and standards, with the breadth of Microsoft's cloud services, including Microsoft 365 and Teams, Azure, Microsoft Power Platform, Dynamics 365, and security solutions. Through these Industry Clouds, we aim to empower everyone to deliver value faster, adapt quickly to changing conditions, build for the future, and do all of this with security at the core.
Are you interested in joining us on this journey? We are looking for an engineer who can work with products across the Microsoft Cloud - Dynamics 365, Power Platform, Azure, and Microsoft 365 - to ensure that our Industry Clouds meet strict compliance requirements for security, privacy, accessibility, and other industry-specific requirements.
Responsibilities
* Coordinate the GRC (Governance, Risk, and Compliance) workstreams for all Industry Clouds across the Business Applications Group, M365, and Azure to present a holistic view for each Industry Cloud.
* Lead E2E Industry Cloud compliance reviews with legal or C&E and Office for security, privacy, AI, industry-specific certifications, and accessibility reviews where applicable.
* Coordinate the documentation and messaging for Microsoft Solution Center, Microsoft Trust Center, and any other public facing resources related to compliance.
* Maintain current status and roadmap of all compliance workstreams across all Clouds and report the same in shiprooms and Dev Ops.
* Ensure signoff on the compliance requirements in the product launch criteria from Azure and Office, for Preview and GA launches.
* Specific workstreams could include, but are not limited to, the following:
  * Security Reviews:
    * Threat modeling and security reviews: you will review the design of services from a security perspective to identify vulnerabilities and weaknesses in the architecture. Collaborate with the service team, guiding them to implement those recommendations and helping them to succeed with a security mindset.
    * Penetration testing: you will examine chosen target systems in detail, looking for vulnerabilities and weaknesses, and, in collaboration with other penetration testing and red teams around the company, demonstrate the value of an assume breach mentality.
    * Emerging threat and vulnerability research: you will have opportunities to identify and evaluate new areas for research, perform analysis into emerging threats, including proactive security research on the technologies that Azure and our customers utilize and depend on.
  * Privacy Reviews:
    * Coordinate privacy reviews of E2E customer scenarios across Dynamics, Power Platform, Azure, and M365.
    * Understand customer pain points and requirements by region, language, and type of Cloud (Public, Fairfax, Jedi), by industry vertical across all Industry Clouds, and ensure appropriate reviews take place.
    * Lead technical and compliance conversations with engineering teams, legal, marketing, and preview customers/partners where applicable, on privacy, data residency, and related compliance topics.
    * Collaborate with privacy program managers on privacy and compliance policy.
    * Participate in privacy councils and represent Industry Cloud engineering.
  * Industry Certifications:
    * Lead the investigation of industry-specific certifications, such as HIPAA and HITRUST for Healthcare and PCI DSS for FSI.
    * Lead the technical discussions and documentation.
Qualifications
* 5+ years' experience in a hands-on security and/or privacy role, with demonstrable software engineering skills and mastery of multiple classes of security defects
* Bachelor's degree in Digital Security, Information Technology, Information Assurance, Computer Science, or a related field, or equivalent alternative education, skills, and/or practical experience
* Experience with Microsoft Secure Development Lifecycle requirements
* Hands-on experience with Service Tree, S360, Privacy Manager, and related tools
* Experience with security events (including large-scale breaches) is a must, as is the ability to identify themes and trends through large-scale data analysis
* Ability to gather stakeholder feedback and incorporate that into strategies that support business outcomes.
Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check. This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.
Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Redmond, WA
Microsoft Corporation develops, licenses, and supports software, services, devices, and solutions worldwide. The company’s Productivity and Business Processes segment offers Office 365 commercial products and services, such as Office, Exchange, SharePoint, Skype for Business, Microsoft Teams, and related Client Access Licenses (CALs); Office 365 consumer services, including Skype, Outlook.com, and OneDrive; LinkedIn online professional network; and Dynamics business solutions comprising financial management, enterprise resource planning, customer relationship management, supply chain management, and analytics applications for small and medium businesses, large organizations, and divisions of enterprises.
The company’s Intelligent Cloud segment licenses server products and cloud services, such as SQL Server, Windows Server, Visual Studio, System Center, and related CALs, as well as Azure, a cloud platform; and enterprise services, including premier support and Microsoft consulting services to assist customers in developing, deploying, and managing Microsoft server and desktop solutions. It also provides training and certification to developers and IT professionals.
Its More Personal Computing segment offers Windows OEM, volume, and other non-volume licensing of the Windows operating system; patent licensing, Windows Internet of Things, and MSN display advertising; Surface, PC accessories, and other devices; Xbox hardware and software and services; and Bing and Bing Ads search advertising. It markets its products through original equipment manufacturers, distributors, and resellers; and online and Microsoft retail stores.
Microsoft Corporation has a collaboration with E.ON, NIIT Technologies Ltd., CUNA Mutual Group, and Mastercard Incorporated; a strategic alliance with Nielsen Holdings plc and PAREXEL International Corp.; and a strategic partnership with SK Telecom Co., Ltd. The company was founded in 1975 and is headquartered in Redmond, Washington.