The CO+I Engineering team is building an zero-trust-networking (ZTN) isolation framework, infrastructure, and validation program to drive world class security, sustainability and resilience of our Global Datacenter industrial infrastructure. Datacenters are massive industrial facilities full of both Information Technology as well as Operational Technology patterns. Assuring the security of the industrial technologies and facilities underpins our customer promises and their security commitment to deliver the #1 Trusted Cloud Platform in the world.
We are looking for a Director, Network Infrastructure Security to partner with and assist us on this journey. This Director will be a valued member of the CO+I Industrial IT/OT Leadership Team (LT) and drive the progression of the security baseline measurements for Microsoft Datacenter industrial security networks.
You must have the ability to think strategically at a global level and effectively develop key processes, procedures and communications that facilitate cross-functional implementation of security processes and zero-trust-network infrastructure. Be able to handle multiple high-priority situations and provide management push-back where appropriate. An experienced and motivated Security leader with broad background in network security, malware defenses, incident response, risk management, and operational security experience is needed to build and lead a matrixed dynamic network defense team. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross discipline projects.
Leading the effort to establish zero-trust-networking infrastructure for industrial connectivity scenarios spanning all Microsoft's datacenter sites, globally
Recruit, manage, and retain high-performing team of managers and technical talent to evolve and perform network security program roles and responsibilities.
Partnering cross-functionally within CO+I and across Microsoft to establish and continually evolve the security baseline for physical, logical and cyber security of datacenter industrial connectivity scenarios and systems
Establish tolerance levels for acceptable risk across all foundational aspects of the security baseline
Continuously implement process improvements to simplify and improve the effectiveness of network security program and outcomes
Develop the reporting for compliance with the network security program security baseline
Drive timely closure of action items
BS/BA or higher in Electrical Engineering, Cybersecurity, Computer Science, Physics or related field or 8+ years' work experience in technology industry
10+ years in a Security Risk Management, Operational Security or Cybersecurity Program Management or related role
5+ years in a Network Security, Network Operation or Infrastructure management or related role
5+ years implementing Zero-Trust-Networks, from requirements, to design to implementation
Foundational understanding of IT and OT Security
Preferred, not required:
Deep understanding of attacker tactics, techniques and the operational security knowledge, and control frameworks that can be leveraged to detect and defend against them
Deep understanding of Zero-Trust-Network infrastructure designs, technologies, and implementations
Experience performing threat modeling and analysis for both network infrastructure deployments and/or software security assurance
Policy development, management, deployment and monitoring of conformity to policy
Familiarity with Information Security and Control standards (eg NIST 800-53)
Familiarity with Operational Security and Control standards (eg NIST 800-82, ISA 62443)
Experience with security audits, mitigations plans and driving operational improvements
Comfortable working in a highly matrixed enterprise environment, driving action through influence
History of driving and incentivizing cross-organizational action
Experience developing reporting models for performance against security mandates
Experience with integrated circuit/programable device security and networking security
Outstanding communication skills with the ability to clearly articulate complex issues
Ability to deal with ambiguity and agility to learn new skill sets while delivering
Security Certifications (CISSP, CISM, CEH, CISA, CRISC)