Site Security Evaluation Manager, Apac

Cloud Operations + Innovation (CO+I) is the engine that powers Microsoft’s cloud platforms and services that millions of people use every day. With more than 95% of Fortune 500 business on Azure, 180 million using Office 365, and millions using other services - all running on Microsoft's cloud infrastructure - CO+I design, builds, and operates the foundation upon which Microsoft’s mission to empower every person and organization comes to life.

The CO+I Physical Security team is organized within the Core Operations Functions (COF) team and is dedicated to delivering the most trustworthy security program to protect the personnel, infrastructure, data, and confidential information foundational to the Microsoft Cloud. With more than 200 datacenters in 32 countries and millions of servers, our mission is to be the most reliable, rigorous, and trusted physical security provider of hyperscale cloud infrastructure. We are accountable stewards of the awesome responsibility we hold. We innovate to meet challenges and optimize to scale efficiently. We constantly create and maintain a collaborative ecosystem. We appreciate and act on opportunities to improve.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

**Responsibilities**:
**Security Risk Management**:

- Anticipates and addresses security threats by gathering, analyzing, and evaluating information about existing, or potential threats to determine the likelihood of a Microsoft infrastructure, business, people, and assets being targeted. Monitors and manages the development of current, emerging, and evolving threats with the likelihood to impact Microsoft infrastructure, business, people, and assets. Anticipates and addresses assets or operations where security is not adequate and can be exploited by a threat. Evaluates geopolitical activities and events and synthesizes key intelligence to inform internal and external stakeholder constituents or employees of potential threats. Informs, escalates, and manages the risks to appropriate teams.
- Identifies and interprets security risks to Microsoft infrastructure, business, people, and assets. Selects, implements, and manages measures to modify identified risks. Develops mitigation strategies and methods to measure the effectiveness of the actions taken for the risks.
- Designs, implements, and monitors controls to treat risks to infrastructure, business, people, and assets. Monitors and manages the effectiveness of measures taken to modify risks. Monitors and manages the security aspects of assets/projects throughout the asset or project lifecycle. Participate in discussions to develop plans of action and milestones to track and mitigate risks.

**Leadership**:

- Develop public, private, and supplier partnerships. Engages with the stakeholders (e.g., human resources [HR], suppliers, maintenance) and communicates risk assessment findings. Coordinates activities with HR, legal, and authorities having jurisdiction as appropriate.
- Consults stakeholders to provide security capabilities. Collaborates with teams to implement risk management frameworks for identifying and controlling security risks across the Microsoft portfolio. Anticipates and addresses global insecurity and security disruption (e.g., life safety, business operations, reputation) to drive decision-makers into mitigating risks and responding to residual risks. Summarizes and reports risk analysis findings to internal and external stakeholders and leaders. Advises on strategy to mitigate and respond to residual risks based on its team's anticipation of global insecurity and physical disruption (e.g., life safety, business operations, reputation) within Microsoft.

**Qualifications**:
**Required Qualifications**:

- 5+ years’ experience in Security Program or Program Management or related field.

**Preferred Qualifications**:

- Bachelor's Degree in Business Risks, or related field AND 12+ years’ experience in Security Program or Program Management
- OR equivalent experience.
- Certified Protection Professional (CPP) or equivalent Protection certification
- OR Physical Security Professional (PSP)
- OR equivalent Physical Security Certification