Senior Program Manager - Security Assurance at Microsoft
United States, USA
Full Time


Start Date

Immediate

Expiry Date

07 Nov, 25

Salary

258000.0

Posted On

08 Aug, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Eligibility, Computer Science, Citizenship, Security Assurance, Consideration, Mathematics, Color, Ethnicity, Threat Modeling, Assessment, Statistics, Anomaly Detection, Base Pay, Microsoft, Ordinances, Cyber Security, Refugees, Regulations, Access, Software Development

Industry

Information Technology/IT

Description

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.
We are looking to hire a Senior Program Manager to support strategic security and compliance initiatives by analyzing complex security issues, driving risk-informed remediation, and enabling cross-functional alignment across product, engineering, and GRC (Governance, Risk, and Compliance) teams. This role is pivotal in enhancing enterprise security posture while ensuring alignment with frameworks such as NIST 800-53, ISO 27001, PCI DSS, SOC 2, and HITRUST.
The ideal candidate will bring a blend of technical expertise, regulatory awareness, and program management skills to identify high-impact vulnerabilities, design secure cloud-native (Azure) solutions, and support security reviews and audit readiness. They will help develop and operationalize compliance programs that meet internal governance requirements and external audit expectations.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

REQUIRED/MINIMUM QUALIFICATIONS

  • Bachelor’s Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR Master’s Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 3+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR equivalent experience
  • 4+ years experience in compliance, security assurance, regulatory governance, or information technology audit.
  • 2+ years experience in product/service/project/program management
  • 2+ years experience defining, testing and implementing controls aligned with NIST 800-53 or ISO 27001 or SOC 2 or PCI DSS or HITRUST frameworks.
  • 1+ year experience analyzing complex security issues using multiple data sources to uncover root causes and unmitigated vulnerabilities.

OTHER REQUIREMENTS:

Ability to meet Microsoft, customer and/or government security screening requirements is required for this role. These requirements include, but are not limited to, the following specialized security screenings:

  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
  • Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations, potentially under the U.S. International Traffic in Arms Regulations or Export Administration Regulations, the EU Dual Use Regulation, and/or other export control regulations. As a condition of employment, the successful candidate will be required to provide either proof of their country of citizenship or proof of their U.S. permanent residency or other protected status (e.g., under 8 U.S.C. 1324b(a)(3)) for assessment of eligibility to access the export controlled information. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport. Lawful permanent residents, refugees, and asylees may verify status using other documents, where applicable.
  • Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions. Specifically, this position supports United States federal, state, and/or local government agency customers and is subject to certain citizenship-based restrictions where required or permitted by applicable law. To meet this legal requirement, and as a condition of employment, the successful candidate’s citizenship will be verified with a valid passport.

Additional or preferred qualifications

  • Bachelor’s Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 8+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
  • OR Master’s Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 6+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection (enterprise experience)
  • OR equivalent experience.
  • Ability to work independently and collaboratively in a fast-paced and dynamic environment.

Security Assurance IC4 - The typical base pay range for this role across the U.S. is USD $119,800 - $234,700 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $158,400 - $258,000 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay
Microsoft will accept applications for the role until August 11, 2025.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations

Responsibilities
  • Analyze complex security issues using multiple data sources to uncover root causes and unmitigated vulnerabilities.
  • Identify, prioritize, and remediate complex security risks with technically sound, auditable, and standard-aligned solutions.
  • Support large-scale security reviews across Azure and hybrid environments, ensuring compliance rigor and technical depth.
  • Define, track, and report compliance metrics and audit findings to support both internal governance and external reporting.
  • Facilitate cross-functional collaboration to clarify security priorities, manage risk dependencies, and drive alignment across teams.
  • Conduct secure architecture design and planning in consideration of product schedules, dependencies, and risk assessments.
  • Maintain deep subject matter expertise in cloud security, vulnerability management, and compliance tooling.
  • Stay current with regulatory changes and emerging technologies, providing guidance, mentorship, and documentation to support organizational learning.
  • Contribute to internal and external security communities to promote best practices and share actionable insights.
  • Embody our culture and values