Microsoft Corporation
Microsoft is on a mission to empower every person and every organization on the planet to achieve more.
Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day.
Growth mindset encourages each of us to lean in and learn what matters most to our customers, to create the foundational knowledge that enables us to make customer-first decisions in everything we do.
In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft’s Trust & Integrity Protection (TrIP) team is looking for an experienced and motivated individual to help expand our Risk and Compliance team (RCO) and enable our business stakeholders to better safeguard their environments.
TrIP defines processes for customers’ data protection including privacy, security, governance, risk, and compliance solutions, and provides guidance and oversight across the MCAPS (Microsoft Customer & Partner Solutions) organization.
MCAPS unifies the commercial go-to-market organization to accelerate our progress, stay true to the Microsoft mission, and empower our customers, partners, people, and Microsoft’s growth.
The goal of RCO is to manage and reduce risk while driving governance, policy, standards, controls, and compliance for MCAPS.

RCO is looking for an experienced **Policy & Controls Manager** to drive policy lifecycle and controls management efforts across a number of critical multi-year technical projects.
The ideal candidate should have proven project management capabilities, experience with policy lifecycle management, and a background working in cloud environments, preferably Azure.
This candidate must have excellent written and verbal communication skills, strong attention to detail, and the ability to effectively engage with audiences of varying technical and business functions.
This candidate must be able to work well under pressure while being both agile and flexible, and have the ability to easily navigate ambiguity and change.
The successful candidate should also have experience working collaboratively with multiple teams and evaluating risk while driving towards conflict resolution.

**Responsibilities**

**Creation**

+ Work with team leaders and subject matter experts to understand new policy requirements and controls to translate into common-use, consumable business rules.
+ Assign, assess, and monitor ownership for policies to ensure they are relevant at all times.
+ Ensure all policies in your remit are written in a consistent format and language.
+ Shepherd the policies through the approval phase and document approvals from end to end.

**Communication**

+ Publication: It is the responsibility of the Policy Manager to own and publish all relevant baselines for Trust & Integrity Protection and ensure that they are available and maintained on an accessible platform.
+ Training: It is the responsibility of the Policy Manager to create content with the domain subject matter experts and coordinate any needed training rhythm of the business with our training resources.
+ Attestation: It is the responsibility of the Policy Manager to create the process, procedures, and mechanisms (or leverage and improve existing ones) to demonstrate attestation.

**Management**

+ Enforcement: The Policy Manager will work with testing and auditing leads as well as the incident response team to incorporate feedback into any future policy and/or business rules iterations as required.
+ Exception Mgmt: The Policy Manager ensures their work leverages the exception management process for Trust & Integrity Protection.

**Maintenance**

+ Improvement: It is the responsibility of the Policy Manager to hold annual reviews in which they discuss the relevant policy and business rules program(s) with domain subject matter experts and take feedback on the updates that need to occur.

**Process Improvement**

+ Understand how processes and their supporting technical requirements across Microsoft Customer & Partner Solutions diverge so that we can bring action plans to leadership to align (where required) on divergent processes/technical needs.
+ Ensure that business partners do not have several different approaches to delivering the same standards of protection for the same organizations, products and services, processes.

**Qualifications**

+ 5+ years’ experience in project, program, and/or policy lifecycle management required; PMP certification a plus.
+ 2+ years’ experience in configuring and maintaining cloud environments (e.g., Azure) preferred.
+ Bias for action, complete ownership of your area of responsibility & the ability to work independently are key skills required in this space.
+ Prior experience in risk management or quality management a plus.
+ Ability to think strategically, tactically, and proactively.
+ Excellent verbal and written communication skills to diverse technical and functional audiences.
+ Strong cross-group collaboration and team player.
+ Ability to deal with ambiguity and complex problems.
+ Knowledge of industry security standard frameworks, such as COBIT/COSO, ISO27001, PCI, NIST, privacy, is preferred but not required.
+ The salary for this role in the state of Colorado is between $126900 and $190400.
+ At Microsoft, certain roles are eligible for additional rewards, including annual bonus and stock. These awards are allocated based on individual performance. In addition, certain roles also have the opportunity to earn sales incentives based on revenue or utilization, depending on the terms of the plan and the employee’s role.
+ Benefits/perks listed here may vary depending on the nature of your employment with Microsoft and the country where you work. US-based employees gain access to healthcare benefits, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and fitness benefits, among others.

Microsoft is an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form (https://careers.microsoft.com/us/en/accommodationrequest).

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.