Job Details

Director, Azure Infrastructure Security

Microsoft Corporation
Atlanta, Georgia, United States

We are looking for a Director, Azure Infrastructure Security to partner with and report to the AHSI Governance General Manager (GM). This Director will be a valued member of the AHSI Security, Risk and Compliance Leadership Team (LT) and drive the progression of the security baseline for Azure hardware and systems.
You must have the ability to think strategically at a global level and effectively develop key processes, procedures and communications that facilitate cross-functional implementation of security processes. An experienced and motivated Security leader with risk management experience is needed to build a lead a matrixed team. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple time-lines, and managing complex, cross discipline projects.
Responsibilities will include:
Leading the investigative journey to identify the security efforts already underway across internal operations, procurement processes and members of our third-party supply chain
Partnering cross-functionally within AHSI and across Microsoft to establish and continually evolve the security baseline for physical, logical and information security of Azure hardware and systems
Develop the reporting for compliance with the security baseline
Establish tolerance levels for acceptable risk across all foundational aspects of the security baseline
Drive timely closure of action items
Drive a supplier security program that is focused on reducing this risk across Azure infrastructure and bring different groups and data together to make Microsoft more efficient and effective in this space
Continuously implement process improvements to simplify and improve the effectiveness of the Azure hardware and systems security program and outcomes


Required Qualifications:
BS/BA or higher in Electrical Engineering, Cybersecurity, Computer Science, Physics or related field or 8+ years' work experience in technology industry
10+ years in a Security Risk Management, Operational Security or Cybersecurity Program Management or related role
Foundational understanding of IT Hardware lifecycle
Preferred Qualifications:
Hardware and operational security knowledge (preferred = anti-counterfeit technology, silicon security, basic networking security)
Policy development, management, deployment and monitoring of conformity to policy
Awareness of physical security practices applicable to IT hardware manufacturing, logistics and transportation, end-of-life (eg TAPA, US Customs and Border Protection C-TPAT Program
Familiarity with Cyber Supply Chain Risk Management concepts (eg US NIST 800-171, ISO 20243,US NTIA S-BOM, NERC CIP 13 )
Familiarity with Data Privacy and data removal standards (eg NIST 800-88)
Experience with security audits, mitigations plans and driving operational improvements
Comfortable working in a highly matrixed enterprise environment, driving action through influence
History of driving and incentivizing 3rd party supplier action
Experience developing reporting models for performance against security mandates
Awareness of newly emerging technical practices for IT asset identity management (eg Public Blockchain, unclonable marking via plant DNA or Nanotechnology diamond dust)
Experience with integrated circuit/programable device security and networking security
Outstanding communication skills with the ability to clearly articulate complex issues
Ability to deal with ambiguity and agility to learn new skill-sets while delivering
Security Certifications ( CISSP, CISM, CEH, CISA, CRISC)

Send application

Mail this job to me so I can apply later

Apply With CV

You are not logged in. If you have an account, log in to your account. If you do not have an account, why not sign up? It only takes a minute!

latest videos

Upcoming Events