Risk Manager - Access and Security

Company: Microsoft Corporation
Location: Redmond
Posted on: June 9, 2021

Job Description:

Do you have a passion for enabling privacy and data governance best practices, building strategic partnerships across teams, and empowering people? If so, an opportunity to lead access and security risk management for the HR organization may be for you!

The Global HR Services organization provides end-to-end operational and support services for Microsoft HR, serving 160,000+ employees in over 100+ countries. The primary areas of focus include employee, manager & candidate support services, core HR services (HR hire-to-retire processes), business process optimization, HR solutions, consulting, and project management. The success of the HR Services organization is critical to the overall effectiveness of HR and our ability to ensure consistent, predictable, and transformative employee and manager experiences.

HR Business Excellence is a global function that provides overall governance, risk management, compliance monitoring, privacy and security assessments, and continuity and response services for all of HR. HR Risk & Compliance is a function of the HR Business Excellence organization - Our mission is to partner with our HR stakeholders to protect the Microsoft Mission and promote a culture of Risk Management and Compliance.

The vision for the Risk Manager - Access and Security on the HR Risk & Compliance team is to champion the access principle of least privilege so that all HR employees, external staff, and engineering (IT) partners supporting HR, have all the right levels of access, to all the right systems, tools, and data, at all the right times. The Risk Manager will lead to enable that vision, taking a risk based approach to identify immediate and long term risks, and building strategic partnerships with HR, IT, and Compliance teams to enhance the access and security management posture for the HR organization through process, control, and automation design.

Required:

• 7+ years of experience driving risk management and compliance programs, with a combination of the following: HR Operations, Risk Management and Compliance, External or Internal Audit, Identity and Access Management, or related field.
• 5+ years expertise as a IT general computer controls subject matter professional with experience driving operational and/or regulatory compliance (e.g., SOX, HIPAA, GDPR).
• 3+ years experience delivering excellent verbal and written communications to middle management and senior leadership.

Preferred:

• Ability to ramp up quickly to systems and technologies supporting access provisioning processes.
• Ability to design projects to govern role based permissions and promote process automation.
• Proven experience defining and presenting strategic roadmaps to HR and IT leadership.
• Proven experience as a strong cross group collaborator and team player, dealing with ambiguity and complex problems, resolving conflict, and influencing senior executives.
• Experience engaging with Business, IT, and Compliance partners, able to drive cross group analysis of end to end process flows and identification of controls.
• Experience aligning role based permission strategies to broader risk management, data governance, privacy, and business continuity objectives.
• Experience with HR organizational processes such as recruiting, employee data lifecycles, HR service delivery, compensation and benefits programs, diversity & inclusion, learning, and/or HR consulting.
• Experience with SAP SuccessFactors HR tool suite, including Employee Central.
• Experience remediating findings from Internal and External Audit engagements.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

• Risk Management Program: Drives formal risk assessments with HR stakeholders at the global, regional, and local level to identify, assess, and evaluate risks; makes recommendations to address risks and non-compliance; designs and monitors a risk register to centrally track compliance risks, trends, and mitigating action plans.
• Strategic Partnerships: Builds partnerships to gather and prioritize tool and process feedback from key operational stakeholders in partnership with HR program subject matter experts, vendors, and IT partners; drives the identification of systemic efficiencies and process improvements for large-scale or high-stakes HR programs.
• Role Based Access and Security Design: Proactively partners with HR groups to understand HR business users data and associated access needs. Establishes and drives guidelines for segregation of duties. Leads efforts to automate role based permissioning processes and controls across employee, external staff, and HR IT access lifecycle scenarios.
• Project Management: Creates project charters and success criteria for large-scale projects, identifies resource needs; creates project plans and leads project team meetings; tracks progress and deliverables, risks, and action items; communicates with relevant stakeholders/project sponsors/steering committee (e.g., business leaders, HR and IT partners) about project status and impacts.
• Access Governance: Leads access governance committee to establish strategic priorities with cross functional and organizational HR, IT, Business, Federal, and Compliance leaders to define, monitor, and prioritize remediation of HR access and security risks.

Keywords: Microsoft Corporation, Redmond , Risk Manager - Access and Security, Other , Redmond, Washington