
Senior Technical Program Manager - Cybersecurity Risk Analyst

Microsoft
United States, Washington, Redmond
Sep 04, 2025
Overview

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers' heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft is one of the largest enterprise service companies in the world. The Office of the Chief Information Security Officer (OCISO) is accountable for managing and prioritizing cybersecurity risk for Microsoft. This team oversees the company's overall cyber defense, including the security of Microsoft products and business operations, and collaborates with Engineering teams to advance Secure Future Initiative (SFI) objectives. The Chief Information Security Office (CISO) Governance, Risk, and Compliance (GRC) team, a key function within OCISO, focuses on ensuring regulatory compliance and effectively mitigating and reducing risk.

The CISO GRC team is seeking a dedicated Senior Technical Program Manager - Cybersecurity Risk Analyst to strengthen enterprise cybersecurity risk management through exception oversight. This role will focus on reviewing and analyzing risk associated with exception management, evaluating high-risk scenarios, and driving program enablement across the CISO organization. Success in this role requires deep technical acumen, proficient risk analysis capabilities, and close collaboration with stakeholders across engineering, compliance, and governance teams to ensure exception-related risks are identified, assessed, and addressed effectively.

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
Responsibilities

Perform risk assessments by analyzing submitted documentation and exception requests, focusing on identifying inherent and residual risks without relying on proposed future controls.

Lead risk evaluation sessions with stakeholders (e.g., risk owners, subject matter experts), facilitating discussions around control gaps, data exposure, and mitigation strategies.

Apply structured risk scoring methodologies (e.g., impact, likelihood, control effectiveness) in alignment with enterprise risk frameworks and tools such as risk calculators or assessment platforms.

Document and monitor risk decisions, approvals, and remediation timelines using standardized templates and tracking systems, ensuring adherence to service-level expectations.

Collaborate across teams to validate risk findings, support mitigation planning, and ensure consistency with internal control frameworks and compliance requirements.

Drive accountability for risk disposition and remediation, including renewal or closure workflows, and provide timely follow-up based on leadership input or audit findings.

Embody our Culture and Values