London, GBR
16 hours ago
Principal Program Manager
The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world.

Microsoft is one of the largest enterprise service companies in the world. As a Principal Program Manager, you will use your understanding of policies, laws, and regulations to make independent judgments that meet business needs. The ideal candidate will bring a blend of technical expertise, regulatory awareness, and program management skills to identify high-impact vulnerabilities, design secure cloud-native (Azure) solutions, and support security reviews and audit readiness. They will help develop and operationalize compliance programs that meet internal governance requirements and external audit expectations.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

**Responsibilities**

As a Principal Program Manager, individuals will gain deep experience in strategic compliance leadership, cross-functional collaboration, and security risk management while driving impactful business outcomes.

- Drive strategic compliance initiatives and cross-functional collaboration to achieve impactful business outcomes.
- Develop and implement tools, strategies, and controls to ensure compliance with ISO27001 and SOC2 standards.
- Lead internal and external audits, manage documentation, and oversee corrective actions.
- Resolve complex security issues using data-driven risk assessments and stakeholder analysis.
- Educate teams on regulations, coordinate compliance efforts, and communicate metrics effectively.
- Conduct and optimize security architecture and design reviews while managing escalations.
- Interpret laws and regulations to make independent judgments that protect the company and support business goals.

**Qualifications**

1. Educational Background
   - A Bachelor's degree (or foreign equivalent) in Computer Science, Engineering, Mathematics, Information Systems, or a related field, or equivalent work experience.
2. Experience Requirements
   - Senior-level experience in program management, with mid-level experience in GRC or security-related roles.
   - Proven track record in leading complex technical programs focused on risk management, vulnerability management, and third-party risk.
3. Technical and Regulatory Expertise
   - Risk & Compliance Strategy: Translate complex regulatory concepts into actionable program strategies.
   - Tool Proficiency: Microsoft S360, Azure DevOps, Purview, Compliance Manager, Power BI.
   - Data Analysis: Analyze complex risk data, build dashboards, identify trends and gaps.
   - Collaboration: Partner with engineering and technical stakeholders to embed controls into architecture and development lifecycles.
4. Communication and Leadership
   - Strong collaboration and stakeholder engagement skills across cross-functional teams.
   - Strong written and verbal communication – Ability to explain complex compliance topics to internal stakeholders and leadership.
   - Ability to lead risk reviews, remediation efforts, and governance structures.
   - Ability to communicate and manage external audit engagements, providing measurable status reporting, timely evidence collection and program documentation.

**Preferred Qualifications**

Certifications

- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CGEIT (Certified in the Governance of Enterprise IT)
- PMP or PMI certifications for project management.

Knowledge of PCI DSS, SOC 2

Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances.
If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations (https://careers.microsoft.com/v2/global/en/accessibility.html).