In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day and we need you as a Datacenter Security Operations Manager.
The CO&I Physical Security team is organized within CO+I and falls under its Core Operations Functions (COF) team. The CO+I Physical Security team is dedicated to delivering the most trustworthy and efficient physical security services to protect the personnel, infrastructure, data and confidential information foundational to the Microsoft Cloud. Our vision is to be the most reliable, rigorous and trusted industry provider of hyperscale cloud physical security.
The Role
We are seeking a mission-driven security leader to be accountable for physical Security Operations at our datacenters. The position will be supported by a vendor team who supports Microsoft Security Operations across the globe. The successful candidate will be responsible for communications regarding security events and programs, contribute to the development of Site Specific Post Orders (SSPOs), coordination with regional security resources (Evaluation/Assessment, Design and Program Managers) and regional leadership as well as partner with our security services vendors to ensure protection of critical information, personnel and facilities. As the sole on-site COF representative, this position will also facilitate EGRC (enterprise governance, risk and compliance) initiatives to include assurance reviews and audits.
Responsibilities:
The selected candidate will lead formal and ad-hoc teams of Microsoft and Supplier partners to deliver and continuously improve Security Operations at Microsoft datacenters. Responsibilities include, but are not limited to the following:
Internal:
- Oversee the implementation of physical security policies and procedures, ensuring Microsoft’s physical security vendor has the resources and information to deliver physical security services that exceed Microsoft and customer requirements to protect people, information and critical infrastructure
- Partner with datacenter operations, security systems and other Microsoft stakeholders to ensure secure and continuous operations while maintaining a One Team, One Microsoft environment
- Continuously improve the efficiency and maturity of the overall physical security program at Microsoft datacenters, seeking data and recommending strategies and ideas to reduce churn, optimize resources, implement creative solutions to problems, scale, automate and simplify process whenever possible
- Demonstrate and promote a Microsoft culture within the workplace that supports the ability to attract, develop and retain talent; deliver results through teamwork; role model our Microsoft values with a passion for diversity and inclusion
- Partner with vendor guard force management at site to drive a training objective of providing enhanced industry leading and ‘certified’ dedicated Datacenter Security Protection Professionals (ex: Corporate/ASIS/DCPRO certifications)
- Function as a physical security subject matter expert who can operate on their own and represent the overall (multi-disciplinary) regional physical security team
- Partner and collaborate closely with regional peer leaders and stakeholders, focused on maintaining a One Team, One Microsoft environment
- As the on-site COF representative, ensure the operations team and all related security vendors successfully represent Microsoft during internal, external and customer audits for all COF teams (EH&S, EGRC, etc)
- Provide a holistic security program (end-to-end) approach to oversight, providing integrated support to regional evaluation, design, project management and operational leadership resources from conception to decommissioning
- Facilitate and support field site visits to assess the state and health of physical security, safety and other COF teams; collaborate with peer colleagues at other datacenters to review, assess and share “best practices;” document issues identified during those visits requiring improvement; and follow through on recommendations/actions to resolution
- Receive escalations/notifications of physical security and business impacting events and appropriately triage, ensure that regional leadership is kept informed through regular communication as appropriate and that the necessary personnel for managing an incident respond effectively
- Direct, in-person SME engagement with security integrators supporting the physical security system maintenance and trouble shooting
- Provide localized expertise to recognize key indicators of an insider threat
- facilitate analysis with regional and program-level resources of the local environment to identify specific threat profiles and actors
- Provides an independent (human) two-factor authentication and authorization for all activity on site (Factor 1 = Data Center Operations Manager, Factor 2= DSOM)
- Promote an environment of awareness and continuous learning to mitigate insider threat, promoting empowerment of the work force to be force multipliers in an ‘all’ organisation holistic mitigation strategy
- Focus policies, procedures and training to continually enhance Microsoft’s prevention, deterrence, and advanced detection capability to create a program “differentiator” from our competitors
Required Qualifications:
- 4+ years experience in Security Program or Program Management or related field or demonstrated transferrable skills.
Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings:
- Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
- Citizenship Verification: This position requires verifcation of Australian Citizenship to meet federal government security requirements.
- NV1 Clearance Assessment: This position may require an enhanced background check conducted through the Australia Goverment Security Vetting Agency.
- Bachelor's Degree in Business Risks, or related field AND 8+ years experience in Security Program or Program Management
- OR Physical Security Professional (PSP)
- OR equivalent Physical Security Certification. * Proficient in the use of Microsoft Office products for business.
Ability to commute to multiple datacenters within the same city or metropolitan area as needed.
Ability to be on-call 24x7x365 and to travel periodically as planned or unplanned within or outside of assigned city/metropolitan area. * Working knowledge of facility security systems to include alarms, locks, and management of access control personnel.
- Experience developing and documenting standard operating plans, procedures, and processes.
- Experience with or exposure to regulatory and industry compliance frameworks and audits.
- Experience making and influencing good decisions that impact a mission-critical, 24x7 operations environment.
- Ability to change plans, goals, actions, and priorities in response to an evolving business environment with awareness to operate as a champion for course corrections when necessary.