Principal Compliance Technical Program Manager

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate.  Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. 

The Microsoft Security Compliance Program team educates and empowers the Microsoft Security organization to meet these regulations and build customer trust. The Compliance Program team ensures that Security products and services comply with Microsoft cybersecurity and privacy requirements while also leading efforts to deliver enterprise-wide cutting-edge compliance solutions. We are seeking an experienced Principal Compliance Technical Program Manager to help lead our compliance by design and engineering efforts (Shift-left strategy).  This role provides you with the leadership opportunity to effect change that will have market-wide impacts.

The ideal candidate could have an engineering or compliance background, understanding of engineering best practices, and experience in designing and implementing controls automation at scale. This candidate needs to have experience providing guidance and direction to technical audiences, ability to drive towards the “big picture” while managing details, and the ability to build relationships with key partners. 

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Successful candidates can be located anywhere in the U.S.

Required Qualifications:

• Bachelor's Degree AND 6+ years experience in engineering, security operations, compliance, audit, product/technical program management, data analysis, or product development 
  • OR equivalent experience.
• 3+ years of experience managing cross-functional and/or cross-team projects. 

Other Requirements:

The ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings: 

• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Preferred Qualifications:

• Bachelor's Degree AND 10+ years experience in engineering, security operations, compliance, audit, product/technical program management, data analysis, or product development 
  • OR equivalent experience.
• 8+ years of experience managing cross-functional and/or cross-team projects. 
• Experience with and awareness of emerging privacy and data governance related regulations.

Technical Program Management IC5 - The typical base pay range for this role across the U.S. is USD $137,600 - $267,000 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $180,400 - $294,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:

Microsoft will accept applications for the role until January 17, 2025.

#MSFTSecurity #MSFTCompliance #SHPE24MSFT

• Establish “shift left” strategy of building compliance into our engineering processes, drive controls and tooling automation.
• Embrace a “compliance by design” mindset; proactively identify systemic gaps that should be integrated into program design and elevate them to the appropriate owners. Prevent local/one-off solutioning whenever possible.
• Understand the business priorities and strategies when it comes to training and education of security policies and engineering practices to enable durable customer trust. 
• Ability to identify opportunities to embed compliance controls within development processes, tools, and practices, ensuring they are an integral part of the product development workflow.
• Work with security teams to define best practices to navigate and meet regulatory requirements, ensuring the organization achieves and maintains necessary certifications ((e.g., such as ISO/IEC 27x, FedRAMP, SOC, PCI DSS, HIPPA)
• Provide guidance and support to internal teams on compliance-related matters, including policy development, risk management, and incident response.
• Lead cross-functional teams to address compliance-related issues and drive continuous improvement in the organization's compliance posture.
• Stay up to date with the latest regulatory changes and industry best practices and ensure the compliance program is continuously updated to reflect these changes.
• Conduct regular assessments to ensure compliance with relevant regulations and standards.
• Accountable for delivery of measurement frameworks, processes, and maturity models to both understand and improve the bar of technical compliance across the portfolio that meets needs of the rhythm of business with exec leadership.
• Monitor and report on the effectiveness of the compliance program, identifying areas for improvement and implementing corrective actions as needed.
• Serve as a subject matter expert on compliance and regulatory matters, providing strategic advice and guidance to senior leadership.
• Coordinate with other privacy, compliance, and risk management leaders in the company to ensure Microsoft Security’s programs are aligned and partner closely with governance owners, including Privacy Regulatory Affairs and Corporate External Legal Affairs Front Line.
• Embody our and