Microsoft Corporation Risk Manager in Issaquah, Washington

Microsoft Services' Information Protection and Governance (IPG) team is seeking a Risk Manager to help shape and implement data protection initiatives and operational integrity across the Supplier landscape (Third Parties). The charter of Microsoft Services is to build and iterate a people and process capability that enables our sales and delivery teams to execute with confidence and achieve more for our customers. Our priorities are to deliver valuable employee and customer-facing services and insights, identify and solve for simplification opportunities, and plan and deliver new operational motions that accelerate our digital transformation. The Services operations model leverages best-in-class global partners to deliver internal and external services. If you are a dynamic, driven person who loves to partner with teams from around the world to make our employee and customer experience better while ensuring we operate a simple yet highly effective Supplier Risk Management framework, we have a career opportunity for you!

The successful candidate will architect and implement a comprehensive risk management program that integrates data protection, compliance, and other critical IPG capabilities. Key to this role is the ability to design, develop, articulate, and translate technical risks and concerns into business risks and impacts. Effective stakeholder management, including the ability to tailor communications to various levels of the division, is also very important. Understanding the Supplier risks and opportunities facing our division, assessing exposure, and responding effectively will help IPG achieve our overall objectives.

To be successful, you must possess broad data protection and compliance expertise accented with technical proficiency and risk-focused methodologies. Also crucial are strong program management skills and the ability to influence without authority, work in a quickly changing area, and represent the team to partners and leadership.

Our team values strong cross-team communication and collaboration, and proactive sharing of learnings and best practices to help make our whole team stronger. At the same time, to be successful in this role you need to be a self-motivated driver who can succeed with limited direction.

Travel will not normally be required.


• Own and develop the Supplier risk management program globally across Microsoft Services to drive risk reduction, including the onboarding and vetting of Suppliers

• Develop a Supplier risk management framework to include security, privacy, anti-corruption, and compliance domains

• Collaborate and integrate with other Supplier risk management programs to evaluate the current state of Supplier risk, determine appropriate levels of mitigation, and provide recommendations and strategies in collaboration with our Data Protection discipline and SME teams

• Lead a variety of Supplier risk assessments for applications and systems, business process engineering, and customer data flow within the environment; architect mitigation strategies to reduce risk and enable the business, and determine effective monitoring solutions.

• Develop Supplier risk definitions, criteria and assessment templates for use both internal and external to IPG

• Collaborate with Microsoft Services Supplier Relationship Managers, Procurement, Finance and CELA to ensure risks are understood, measured, monitored and reported out

• Establish and report relevant Supplier metrics and KPIs to communicate status, demonstrate progress and build awareness of the program

• Build and nurture positive working relationships with stakeholders and leadership, and be engaged as a trusted advisor


• Knowledge of and familiarity with various data protection frameworks and regulatory/compliance requirements such as NIST, COBIT, ITIL, ISO27001, EU Data Protection Directive, etc.

• Knowledge of and familiarity with anti-corruption, third party risk management and contractual workflows

• Ability to perform complex process reviews, interpret the results and articulate the findings in a clear and concise manner

• Excellent written and verbal communication skills with the ability to tailor communications based on audience

• Strong project management abilities, driving projects and deliverables, and measuring results

• Self-motivated with ability to work with little supervision

• Ability to analyze complex problems, think creatively, communicate recommendations, influence change and drive process and structure into an extremely dynamic environment

• B.S. degree or equivalent work experience in risk management, business management, information systems or other relevant field.

• 5+ years of combined risk management, risk consulting, and/or data protection work experience.

• Advanced knowledge and understanding of a wide range of relevant core data protection technologies, and information security and privacy standards, laws and regulations is preferred

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
