Risk Manager- Cybersecurity


Location: Atlanta, Georgia, Austin, Texas, Charlotte, North Carolina

Job Type: Full time


The most difficult thing is the decision to act, the rest is merely tenacity.
- Amelia Earhart

Microsoft’s Cloud business is experiencing explosive growth, and the Capacity, Supply Chain & Provisioning (CSCP) organization is responsible for enabling the infrastructure underlying this growth. Our mission is to deliver the world’s computer with an industry-leading supply chain. CSCP is responsible for strategic sourcing, customer demand forecasting, capacity planning and management, supply chain planning and execution, capacity provisioning, and decommissioning and dispositioning of datacenter assets worldwide.

Are you interested in enhancing one of the most exciting products in Microsoft, passionate about exceeding customer expectations and advancing Microsoft's cloud first strategy?

 The Microsoft Capacity & Supply Chain Provisioning Organization’s (CSCP) Security, Risk & Compliance team is building an architecture and validation program to drive world class security, sustainability, and risk of our Azure infrastructure.

We are looking for a Senior Risk Manager – Cyber & IT. The Senior Risk Manager – Cyber & IT will, in conjunction with the team, drive the progression of the risk baseline for Azure hardware and systems.

You must have the ability to think strategically at a global level and effectively develop key processes, procedures and communications that facilitate cross-functional implementation of compliance processes and risk reporting. An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team in place today and growing in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross discipline projects.


Drive initiatives tied to Supplier Security across various business teams that deal with information technology

Manage incidents in Azure cyber supply chain at third parties

Partner with business groups to manage security requirements at third-party locations

Meet with stakeholders to gather and integrate feedback and evangelize the program

Create metrics and measure progress and compliance

Author case-studies or whitepapers highlighting gaps, lessons learned, and recommendations

Provide supply chain security assessment remediation oversight.


Required Qualifications:

  • 2 to 5 years minimum experience in Cybersecurity, Risk Management, Supply Chain security, or related role
  • BS/BA in Cybersecurity, Information Technology, Computer Science, Physics or related field or equivalent work experience

Preferred Qualifications:

  • Strong written/oral communication skills required, along with desire and ability to communicate with business and engineering teams through all levels of the organization
  • Familiarity with Cyber Risk Management concepts and controls (e.g., US NIST 800-171, US NIST 800-53, ISO 27000 series, SOC 2, CIS Controls)
  • Familiarity with Data Privacy and data removal standards (e.g., NIST 800-88)
  • Experience with security audits, mitigation plans and driving operational improvements
  • Strong written/oral communication skills required, along with desire and ability to communicate with business and engineering teams through all levels of the organization
  • Ability to partner with engineering and business teams to build credibility and trust while driving alignment around common strategy
  • Proven capability to make quick, thoughtful, and defensible decisions from a position of ambiguity
  • Experience with information technology and products and cloud environments
  • CISSP, CCSP, CEH, CISA CRISA or similar, related certification


Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

You’ve got this!