Job Description

Cloud Operations + Innovation (CO+I) is the engine that powers Microsoft’s cloud platforms and services that millions of people use every day. With more than 95% of Fortune 500 business on Azure, 180 million using Office 365, and millions using other services – all running on Microsoft's cloud infrastructure – CO+I designs, builds and operates the foundation upon which Microsoft’s mission to empower every person and organization comes to life.

The CO&I Physical Security team is organized within CO+I and falls under its Core Operations Functions (COF) team. The CO+I Physical Security team is dedicated to delivering the most trustworthy and efficient physical security services to protect the personnel, infrastructure, data and confidential information foundational to the Microsoft Cloud. Our vision is to be the most reliable, rigorous and trusted industry provider of hyperscale cloud physical security.

The Role: We are seeking a mission-driven security leader to be accountable for physical security operations at our datacenters. The position will be supported by a vendor team who supports Microsoft security operations across the globe. The successful candidate will be responsible for communications regarding security events and programs, contribute to the development of Site Specific Post Orders (SSPOs), coordination with regional security resources (Evaluation/Assessment, Design and Program Managers) and regional leadership as well as partner with our security services vendors to ensure protection of critical information, personnel and facilities. As the sole on-site COF representative, this position will also facilitate EGRC (enterprise governance, risk and compliance) initiatives to include assurance reviews and audits.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Responsibilities

Responsibilities The selected candidate will lead formal and ad-hoc teams of Microsoft and Supplier partners to deliver and continuously improve security operations at Microsoft datacenters. Responsibilities include, but are not limited to the following: Internal:

• Oversee the implementation of physical security policies and procedures, ensuring Microsoft’s physical security vendor has the resources and information to deliver physical security services that exceed Microsoft and customer requirements to protect people, information and critical infrastructure
• Partner with datacenter operations, security systems and other Microsoft stakeholders to ensure secure and continuous operations while maintaining a One Team, One Microsoft environment
• Continuously improve the efficiency and maturity of the overall physical security program at Microsoft datacenters, seeking data and recommending strategies and ideas to reduce churn, optimize resources, implement creative solutions to problems, scale, automate and simplify process whenever possible
• Demonstrate and promote a Microsoft culture within the workplace that supports the ability to attract, develop and retain talent; deliver results through teamwork; role model our Microsoft values with a passion for diversity and inclusion
• Partner with vendor guard force management at site to drive a training objective of providing enhanced industry leading and ‘certified’ dedicated Datacenter Security Protection Professionals (ex: Corporate/ASIS/DCPRO certifications)

External:

• Function as a physical security subject matter expert who can operate on their own and represent the overall (multi-disciplinary) regional physical security team
• Partner and collaborate closely with regional peer leaders and stakeholders, focused on maintaining a One Team, One Microsoft environment
• As the on-site COF representative, ensure the operations team and all related security vendors successfully represent Microsoft during internal, external and customer audits for all COF teams (EH&S, EGRC, etc)
• Provide a holistic security program (end-to-end) approach to oversight, providing integrated support to regional evaluation, design, project management and operational leadership resources from conception to decommissioning
• Facilitate and support field site visits to assess the state and health of physical security, safety and other COF teams; collaborate with peer colleagues at other datacenters to review, assess and share “best practices;” document issues identified during those visits requiring improvement; and follow through on recommendations/actions to resolution
• Receive escalations/notifications of physical security and business impacting events and appropriately triage, ensure that regional leadership is kept informed through regular communication as appropriate and that the necessary personnel for managing an incident respond effectively
• Direct, in-person SME engagement with security integrators supporting the physical security system maintenance and trouble shooting

Insider Threat:

• Provide localized expertise to recognize key indicators of an insider threat
• facilitate analysis with regional and program-level resources of the local environment to identify specific threat profiles and actors
• Provides an independent (human) two-factor authentication and authorization for all activity on site (Factor 1 = Data Center Operations Manager, Factor 2= DSOM)
• Promote an environment of awareness and continuous learning to mitigate insider threat, promoting empowerment of the work force to be force multipliers in an ‘all’ organisation holistic mitigation strategy
• Focus policies, procedures and training to continually enhance Microsoft’s prevention, deterrence, and advanced detection capability to create a program “differentiator” from our competitors

Qualifications

Basic Qualifications
Demonstrated capability to:

• Oversee delivery of physical security services to Microsoft data center security operations, including oversight of contract guard operations, alarm investigation and incident reporting and coordination with regional security disciplinary specialists on projects, expansions and other security-related efforts
• Evaluate and drive continuous improvement of contract guard operations through the use of key performance indicators and collaborative improvement plans
• Close coordination with security vendor management to ensure continuous improvement of security team skills through targeted training, practical exercises and the documentation and application of lessons-learned
• Coordination with local emergency services in an effort to develop, maintain and practice/test cross-functional emergency response procedures for the datacenters
• Assess and communicate risk and mitigation strategies to non-security audiences, supporting operational needs and maintaining security compliance

Preferred Qualifications:

• Experience working in datacentre/ contruction environments would be a plus
• Working knowledge of facility security systems to include alarms, locks and management of access control personnel
• Experience developing and documenting standard operating plans, procedures and processes
• Experience with or exposure to regulatory and industry compliance frameworks and audits
• Confident and skilled in preparing and delivering presentations and briefings to customers, stakeholders and senior leaders
• Experience making and influencing good decisions that impact a mission-critical, 24x7 operations environment
• Strong work and compliance ethic with the ability to effectively prioritize and execute tasks
• Analytical and process improvement skills to produce data driven insights and associated process change
• Ability to change plans, goals, actions and priorities in response to an evolving business environment with awareness to operate as a champion for course corrections when necessary
• Proficient in the use of Microsoft Office products for business
• Thought leader and subject matter expert capable of delivering one or more large programs and services simultaneously while increasing standardization, simplification and automation
• Bachelor’s degree in a security or management related discipline, or equivalent experience

Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter. #COICareers

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form.

Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.