Job Category: Operations
Location: Humacao, PR
Job ID: 825420-102959
Come as you are. Do what you love.
Microsoft are global company, located in over 100 countries, with revenues of over $70bn. Many people think Microsoft = software - but we also do hardware, services, research and more. Think Windows, Windows Server, Azure and Visual Studio. Online services such as Bing and MSN. Business solutions like Office and Exchange. And devices like Surface, Xbox, Kinect, Windows Mobile, and more. We're passionate about what we do. This means opportunities for Microsoft employees- to do things that impact the lives of millions, if not billions. So why not take a closer look at Microsoft? Explore what we do, where we do it, and what life is really like at Microsoft. You might be surprised.
We invite to explore the Security Compliance and Continuity Manager at Microsoft Operations Puerto Rico.
This is a key staff level role that ensures appropriate security, compliance and continuity of the environment, processes, systems and facilities within Microsoft Operations Puerto Rico. At implementation, this role requires substantial strategy and development as these mission-critical functions have been dispersed across the organization and, in some cases, have resided with vendors. Developing and implementing an approved strategy for the right mix of direct and dispersed responsibility in all areas will be key to success.
While a variety of resources, assigned and/or virtual, may be employed to accomplish the scope of the position, this position is accountable to the General Manager of Microsoft Operations Puerto Rico for development and delivery of all areas concerning security, compliance and business continuity.
- Ensuring appropriate and effective physical security for Microsoft Operations Puerto Rico (MOPR)
- Providing appropriate and effective interaction with all security-concerned groups including but not limited to Global Security, Supply Chain Security, Microsoft IT (MSIT) and Global Foundation Services (GFS)
- Ensuring full compliance with all auditable requirements for Microsoft Operations Puerto Rico including but not limited to ADP, ISO, S-Ox, TWC and GRC
- Producing and maintaining full disaster response and business continuity plans for Microsoft Operations Puerto Rico; this will include both physical and other (digital, release) aspects of the operation
- Determining and implementing appropriate models and future direction in all aforementioned areas
Ensure appropriate physical security measures are in place and maintained across Microsoft Operations Puerto Rico. This includes all requirements in the realm of both physical and digital operations, interaction and compliance with all groups that are concerned with all operations resident within MOPR. This will require working across multiple groups both within and outside of MOPR. Included in this requirement is any required production of documentation as well as retention and updating of associated documentation. At all times, full documentation for all aspects of MOPR’s operations must be available, accessible and current.
Producing and maintain full disaster response and business continuity plans for Microsoft Operations Puerto Rico; this will include both physical and other (digital, release) aspects of the operation. At all times, full documentation on procedures across the operation must be available, accessible and current. In the event of a business disruption, this position will serve as the site leader for disaster response and recovery
Ensure full compliance with all auditable standards across Microsoft Operations Puerto Rico. This will require working across multiple groups both within and outside of MOPR. Included in this requirement is any required production of documentation as well as retention and updating of associated documentation. At all times, full documentation for all aspects of MOPR’s operations must be available, accessible and current.
Develop and implement strategy for on-going compliance, regardless of changing business requirements, in all primary areas of responsibility (Security, Compliance and Business Continuity)
Role in Business and Job Scope:
- Build strong relationships with a variety of stakeholders across the MOPR facility and across multiple corporate groups such as Global Security, Supply Chain Security, Global Security, Supply Chain Security, Microsoft IT (MSIT), Global Foundation Services (GFS), ADP, ISO, S-Ox, TWC and GRC. In some cases, non-productive, adversarial and territorial relationships are in place today and have been allowed over several years. Working with the MOPR GM to properly establish ownership and accountability vs. responsibility or consultative / inform (RACI) will be a key to success.
- Build community across MOPR to ensure requirements across the realm of accountabilities within this position. It is important that this role do only what this role is required to do while leveraging subject matter expertise in specific areas (IT, S-Ox, etc.) to ensure full performance.
- In the 6-month time horizon, the occupant will be expected to have fully documented MOPR’s requirements in all areas of primary responsibility (Security, Compliance and Business Continuity). Within one year, a rhythmic approach to auditing and updating all aforementioned documentation will be in place.
- In the 2 year time horizon, the occupant will have a fully sustainable and transition-ready documentation set, processes for testing and updating and as much responsibility as possible resting within the subject matter expertise of business process owners.
- All of the primary functions of this position (Security, Compliance and Business Continuity) are mission-critical aspects of operations in Microsoft Operations Puerto Rico. An incident within any of these areas would cause significant damage to the reputation of the operation and its ability to continue to attract beneficial business to the operation.
- Microsoft Operations Puerto Rico is the source of more than $1b of Corporate benefit on an annual basis. Any escape of intellectual property, failure in compliance or significant business disruption could be extreme enough to materially impact Microsoft corporate-level financial performance.
- Collaborating with multiple teams previously discussed and working with the GM of MOPR, this position will be responsible and accountable for all decisions concerning the position’s primary areas of responsibility (Security, Compliance and Business Continuity).
- In some cases, the multi-participant environment (Global Security, Supply Chain Security, GFS, TWC, etc.) will require negotiation and determination of actual implementation within MOPR. Additionally, clarity regarding ownership must be established and maintained, conflicting with the perceived charters of some teams.
- Fully responsible and accountable for our practices in the primary areas of responsibility (Security, Compliance and Business Continuity). While this person will work with many people across many groups as well as the GM of MOPR, this position is responsible and accountable for performance in these areas.
- In worst case scenarios, there is non-productive, territorial behavior that could materially negatively impact the on-going operations of MOPR. This person will be responsible and accountable for assembling what exists, vetting and modifying as appropriate (and being able to make those types of decisions), developing processes and documentation in areas where it doesn’t exist, maintaining that documentation and providing a rhythmic approach to testing and updating said processes and documentation.
- There may be management of vendors/contractors. There will be many virtual relationships where the responsibility and accountability of this position will require very effective Collaboration as well as Influencing for Impact.
- As previously discussed, this position will interact with multiple areas of MOPR as well as several teams outside of MOPR. This is a direct report to the GM of MOPR with no direct reports assigned but likely responsibility for the performance of one or more vendors. Communication requirements will be extensive both within and outside of MOPR and will include but not be limited to requirements documentation and communication, status reports and escalations and resolution of multiple types of incidents.
- External to Microsoft communications will be limited to any determination of communication required in the event of a significant business disruption. Other than that, communications will be internal to Microsoft.
- These groups include but are not limited to Global Security, Supply Chain Security, Global Security, Supply Chain Security, Microsoft IT (MSIT), Global Foundation Services (GFS), ADP, ISO, S-Ox, TWC and GRC.
- The position will be accountable to all costs associated with the primary areas of responsibility (Security, Compliance and Business Continuity). These areas currently cost in excess of $1m per year and protect corporate benefit of more than $1b annually.
Must be able to successfully complete company background check as well as pre-employment drug screening.
- 8-10 years of related experience
- Bachelor’s Degree plus specialist Security credentials. Also, high level security clearance for government will be preferred.
- Security, compliance, disaster recovery certifications are a plus.
- Deep security knowledge and knowledge of business scenarios. Overall knowledge of aspects of physical security, information security, compliance and business continuity is required.
Microsoft is an equal opportunity employer and does not discriminate against individuals on the basis of race, gender, age, national origin, religion, marital status, veteran status, or sexual orientation.
Microsoft - 18 months ago
Microsoft Corporation develops, manufactures, licenses and supports a range of software products for computing devices. The Company's...