Redmond, WA, 98073, USA
5 days ago
Operations Risk Manager
If you love the pursuit of excellence and are inspired by the challenges that come through driving innovations that impact how the world lives, works and plays, then we invite you to learn more about Microsoft Business Operations (MBO) - and the value we deliver across Microsoft and to our customers and partners. We offer unique opportunities to work on interesting global projects in an environment that appreciates diversity, focuses on talent development, and recognizes and rewards great work.

Operational Risk Management professionals enable business strategy through a programmatic and global approach to risk management, by methodologically determining, assessing, managing and establishing accountability for the most critical risks facing the company. Microsoft has a sizable community of talented individuals in dedicated risk management roles who are responsible for making our business objectives more likely to be realized and to protect one of the world’s most valuable brands. Operations is uniquely positioned within the company, supporting almost every product Microsoft offers which presents upstream and downstream dependencies.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

**Responsibilities**

**Governance**

+ Utilizes knowledge of policies, laws, and regulations to make informed decisions independently, aligning with business needs. May interpret this information to safeguard Microsoft and its customers while advancing the business. Identifies non-conformance issues, escalates them to management, and adheres to program guidelines based on corporate policies.
+ Determines ownership and accountability for key risks and mitigation activities with minimal guidance.
+ Continuously reports on risk levels and updates accountability owners on their status.
+ Assists in presenting risk assessment information, detailing relevant behaviors, activities, processes, and associated risks to ensure stakeholder awareness, support, and approval.

**Controls**

+ Assesses end-to-end operational processes and dependencies for efficiency and effectiveness opportunities. Recommends process and control improvements (e.g., preventative/detective and automated/manual) to mature the control environment.
+ Tests controls to determine their effectiveness and identifies areas for improvement, offering design adjustment suggestions with minimal guidance.
+ Collaborates with the team to define controls, identify potential failure points, and ensure routine issues are addressed during the design process with minimal guidance.
+ Conducts periodic reviews of existing controls to ensure they remain effective and relevant to the current risk environment. Provides feedback on control performance and suggests enhancements to improve efficiency and effectiveness.
+ Ensures that controls are aligned with industry standards and regulatory requirements, making adjustments as necessary to stay compliant.

**Consult/Advise/Educate**

+ Collaborates across teams to ensure consistent application and communication of regulations and standards, delivering training and beginning to take ownership of training aspects.
+ Advises on compliance of products, processes, and programs.
+ Educates teams on compliance requirements, reviews results, conducts informal assessments, and monitors compliance within specific areas. Translates compliance standards and processes into relatable formats for teams.

**Risk Assessment**

+ Executes the risk management lifecycle process and method for smaller projects, including data collection and analysis.
+ Gathers and analyzes relevant internal and external information, threat intelligence reports, and conducts interviews or focus groups to identify risks, assess risk levels, and gather additional context with guidance.
+ Compiles information to understand job, project, or process risks and their root causes for routine projects.
+ Scores risks and contributes to risk prioritization using appropriate risk profile scoring. Assists in developing risk scorecards using weighted scores and risk management models with guidance.

**Risk Remediation**

+ Reviews risk governance to ensure appropriate attention to specific risk areas with minimal guidance. Identifies and escalates concerns related to monitored risks.
+ Drafts mitigation plans and processes, including risk registers and controls, helping accountability owners understand and implement plans to reduce risk with minimal guidance.
+ Ensures alignment and agreement on risk reduction plans and processes, confirming accountability owners' capacity to drive mitigation efforts, and introduces necessary policy adjustments with minimal guidance.
+ Coordinates across accountability owners to ensure proper tracking and trending of risk management activities.

**Qualifications**

**Required Qualifications**

+ 4+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, and/or Finance
+ OR Bachelor's Degree AND 2+ years experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, and/or Finance
+ OR equivalent experience
+ 1+ years of experience in Process Improvement and/or Change Management

**Preferred Qualifications**

+ Bachelor's Degree in Risk Management, Engineering, Government Intelligence, Security, or Information Technology, or related field AND 5+ years experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance
+ OR equivalent experience
+ Membership with a relevant risk domain area association including: International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCB), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and Institute of Internal Auditors (IIA)

Risk Management IC3 - The typical base pay range for this role across the U.S. is USD $76,800 - $151,900 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $100,800 - $168,000 per year.

Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Microsoft will accept applications for the role until August 29th, 2025.

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).