Compliance Manager, Supplier Security & Privacy Assurance

Microsoft Corporation

Location:
United States, Redmond

Category:
-

Contract Type:
Not provided

Salary:

96500.00 - 188400.00 USD / Year

Job Description:

At Microsoft, trust is the foundation of every business relationship. This role offers an opportunity to join a dynamic team that programmatically helps Microsoft suppliers align with our values and meet rigorous standards for Privacy, Security, and Responsible AI. These standards address cybersecurity risk, regulatory obligations and data subject rights – reinforcing our commitment to the principle: “Microsoft runs on Trust”. The Supplier Security and Privacy Assurance (SSPA) program is a corporate control that sets requirements for global suppliers and drives compliance with these standards. As Compliance Manager, you will focus on enabling innovative operations while ensuring high-quality compliance records that provide assurance to the company and support auditors during certifications, audits and regulatory inquiries. You will partner with business groups across the company to understand priorities, balancing business enablement and conveying Privacy, Security and Responsible AI policy positions.

Job Responsibility:

  • Develop and execute compliance strategies, processes, and tools to anticipate emerging risks and drive scalability
  • Use understanding of policies, laws, and regulations to meet business needs
  • Partner with cross-functional teams to align compliance programs with business objectives and industry best practices
  • Establish trusted, collaborative relationships to accelerate decision-making
  • Provide requirements and strategic input for tools and systems that enable efficient, market-leading compliance programs
  • Define, test, and enhance controls to mitigate risks, identify failure points early, and implement innovative solutions
  • Translate compliance standards and processes into a relatable form for teams, business groups, and corporate senior leaders
  • Foster a culture of compliance through education, communication, and proactive risk management across the organization
  • Embody Microsoft’s culture and values

Requirements:

  • Bachelor's Degree in Science, Business, Engineering, or related field AND 4+ years experience in business, legal/regulatory, compliance, audit/consulting firm OR equivalent experience
  • Certified Information Systems Security Professional (CISSP) certification OR an International Association of Privacy Professionals (IAPP) Privacy Professional certification OR American Institute of Certified Public Accountants (AICPA) qualified auditor is preferred
  • Ability to obtain CISSP or IAPP certification within one year of hire required
  • 1+ years of experience in supplier or third-party management, focusing on compliance, performance, and risk
  • Communication, relationship-building, and problem-solving skills

Additional Information:

Job Posted:
January 10, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Compliance Manager, Supplier Security & Privacy Assurance

Program Management Analyst

The Program Management Analyst - C10 will be responsible for executing day-to-da...
Location:
India, Chennai
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • Minimum 8 years of working experience in Financial services / Banking industry with strong knowledge of banking regulatory requirements
  • Preferred 3+ years of direct, relevant experience in third-party risk identification and management, operational risk management, compliance and/or audit
  • Knowledge of third-party management risk and control methodologies and best practices
  • Bachelor’s degree required
  • Master’s degree or any other equivalent is preferred
Job Responsibility:
  • Facilitate Citi businesses’ ongoing compliance with Third Party Management requirements outlined in Citi policies and standards
  • Providing process guidance and support to Third Party Officers (TPOs), Business Activity Owners (BAOs) and other business stakeholders on end-to-end Third Party Management requirements and set up periodical review meeting with all the stakeholders
  • Execute various third party risk assessment controls as identified by the Third Party Risk Assessment Process and provide guidance to TPU Process Analysts on process execution
  • Verify that all critical data fields are captured accurately while onboarding suppliers into the Master supplier database and Payment systems
  • Ensure that all suppliers are screened against the Negative/SDN list on a periodic basis and any positive matches are escalated to senior management
  • Verify that third parties’ policies and procedures are compliant with Citi’s policies and procedures. Identify and report gaps, if any, to senior management
  • Partner with Sourcing and Business and provide approval to sign the contract once all Due diligence activities are completed and gaps if any are remediated
  • Undertake onsite Reviews and Video conferencing sessions with Third Parties to perform Risk Management activities
  • Review the contractual terms and conditions agreed between Citi and third party and perform controls checks to ensure that all contractual obligations are met by the third party
  • Perform Quality Check on the control assessments performed by TPU Risk Analyst I&II and provide guidance to the Analysts on performing assessments in line with policies and procedure
  • Fulltime

Security Architect Consultant

As a Security Architect Consultant at NTT DATA, you will play a pivotal role in ...
Location:
United Kingdom, London
Salary:
Not provided
NTT DATA
Expiration Date:
Until further notice
Requirements:
  • Awareness and understanding of industry security frameworks and guidance such as NIST CSF, NIST 800-53, NCSC CAF and other NCSC guidelines
  • Good knowledge of networking (switching, routing, firewalls)
  • Awareness or limited experience with the design concepts associated with adoption of Cloud platforms (AWS and/or Microsoft Azure)
  • An understanding of the native security capabilities and some practice within Cloud platforms (AWS and/or Microsoft Azure)
  • Understanding of modern security concepts, common attack vectors, malware, security analytics and threat intelligence.
  • An understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
  • Some experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc
  • Minimum of 5 years of experience in Cyber Security
  • Any one of the certifications (CISSP, CISM, CCSP, CRISC) or equivalent experience
  • Good knowledge covering at least 2 of the following examples (this list is not exhaustive): AD, Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualization (VMware)
Job Responsibility:
  • Contribute to the design, implementation and ongoing development of the security architecture of the client's IT systems.
  • Identify business objectives, user needs, risk appetite and cyber security obligations
  • Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls
  • Verify and evidence alignment to 'Secure by Design' principles, corporate security policy/standards as well as industry recognised frameworks and best practice
  • Contribute to deliver and continually enhance a coherent approach to the design of secure client end-to-end solutions
  • Contribute to secure conceptual, logical and high level designs by identifying appropriate security controls to be embedded in solutions that meet business requirements whilst evidencing alignment to the target risk appetite.
  • Contribute to the design and be able to articulate and justify design recommendations at security architecture assurance gates
  • Contribute to design documentation, options papers, risk assessments, stakeholder presentations and be able to effectively communicate these to both senior technical and non-technical stakeholders
  • Contribute to reference architecture of established patterns, principles and guidelines
  • Contribute to the development of the Security Practice skills and capabilities to ensure consistent high quality of service delivery and expertise. Active coaching and mentoring of junior members of the team
What we offer:
  • We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing.
  • Our Learning and Development team ensure that there are continuous growth and development opportunities for our people.
  • We also offer the opportunity to have flexible work options.
  • Fulltime

Security Architect

The Security Architect will contribute to the design, implementation and ongoing...
Location:
United Kingdom, London
Salary:
Not provided
NTT DATA
Expiration Date:
Until further notice
Requirements:
  • Awareness and understanding of industry security frameworks and guidance such as NIST CSF, NIST 800-53, NCSC CAF and other NCSC guidelines
  • Good knowledge of networking (switching, routing, firewalls)
  • Awareness or limited experience with the design concepts associated with adoption of Cloud platforms (AWS and/or Microsoft Azure)
  • An understanding of the native security capabilities and some practice within Cloud platforms (AWS and/or Microsoft Azure)
  • Understanding of modern security concepts, common attack vectors, malware, security analytics and threat intelligence
  • An understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
  • Some experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc
Job Responsibility:
  • Identify business objectives, user needs, risk appetite and cyber security obligations
  • Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls
  • Verify and evidence alignment to 'Secure by Design' principles, corporate security policy/standards as well as industry recognised frameworks and best practice
  • Contribute to deliver and continually enhance a coherent approach to the design of secure client end-to-end solutions
  • Contribute to secure conceptual, logical and high level designs by identifying appropriate security controls to be embedded in solutions that meet business requirements whilst evidencing alignment to the target risk appetite
  • Contribute to the design and be able to articulate and justify design recommendations at security architecture assurance gates
  • Contribute to design documentation, options papers, risk assessments, stakeholder presentations and be able to effectively communicate these to both senior technical and non-technical stakeholders
  • Contribute to reference architecture of established patterns, principles and guidelines
  • Contribute to the development of the Security Practice skills and capabilities to ensure consistent high quality of service delivery and expertise
  • Active coaching and mentoring of junior members of the team
What we offer:
  • A range of tailored benefits that support your physical, emotional, and financial wellbeing
  • Continuous growth and development opportunities
  • The opportunity to have flexible work options

Local ISO

The Local ISO is functionally reporting to the Regional CISO of CTO2. The Inform...
Location:
Hungary, Budapest
Salary:
Not provided
Allianz
Expiration Date:
Until further notice
Requirements:
  • Fluent English
  • Very good knowledge in Information Security Governance (min 6 years of experience in this field)
  • Experienced in conducting risk assessments
  • Experienced in process design and improvement, change management
  • Experienced in Security frameworks
  • Applying analytical thinking, methodological and conceptual as well as consulting, communication and collaboration skills with autonomy
  • Ability to communicate and explain the context of need for control, regulations etc. and the benefits of taking action
  • An understanding of the three lines of defense model and relationship of the InfoSec with other control functions
  • Methodical and structured approach
Job Responsibility:
  • Enforce information security (including controls) to ensure compliance with the Allianz SE Group and Technology Information Security Frameworks
  • Perform risk assessments (internal processes, supplier management)
  • Advise Allianz Technology employees in all information security related matters
  • Manage and/or raise to Allianz Technology ISO central team, all issues pertaining to information security
  • Support of the annual compliance reporting process for their area of responsibility and ensuring timely delivery of results
  • Communicate applicable corporate rules relevant to information security in their area of responsibility
  • Coordinate information security-related activities of their area of responsibility and provide information as necessary to relevant control functions, in particular Risk, Data Privacy, Compliance and Internal Audit
  • Report risks and actions to Local Executive Body
  • Perform Asset Risk Assurance process
  • Report risks and actions to Local Executive Body, share risks with our customers
What we offer:
  • We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad
  • We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location)
  • From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered
  • Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach
  • Fulltime

SbD Security Architect - IT & Digital

As a Security Architect within Secure by Design, you will be accountable for emb...
Location:
United Kingdom, Newbury
Salary:
Not provided
Vodafone
Expiration Date:
Until further notice
Requirements:
  • Experience in cyber security roles, with strong architecture focus
  • Proven experience delivering complex, cross domain IT & Digital security architectures
  • Strong understanding of security risks, threat modelling, and mitigating controls
  • Hands on experience securing public cloud platforms (AWS, Azure, GCP)
  • Deep knowledge of containerised, virtualised and hybrid infrastructure
  • Strong knowledge of security and compliance frameworks (ISO 27001, NIST, COBIT, SOC2, ITIL)
  • Understanding of regulatory and data protection requirements (PII, PCI DSS, privacy legislation)
  • Ability to influence senior technical and non-technical stakeholders
  • Excellent documentation, communication, and decision-making skills
  • SABSA and/or TOGAF architecture qualifications
Job Responsibility:
  • Embedding security into IT and Digital systems by design
  • Providing end to end security architecture leadership across VodafoneThree’s IT & Digital estate
  • Defining, documenting, and assuring end to end security architectures
  • Working closely with UK IT & Digital, Networks and Data & Analytics teams
  • Influencing senior technical stakeholders to ensure UK security requirements are understood, accepted, and embedded
  • Acting as a member of the Secure by Design Security Architecture team
  • Owning and delivering end to end security architecture for assigned initiatives
  • Defining and embedding technical and non-technical security controls into solution designs
  • Reviewing and assessing solution architectures against VodafoneThree security policies
  • Approving compliant designs and escalating deviations
What we offer:
  • Excellent basic salary plus bonus and Vodafone benefits
  • Up to 28 days off plus bank holidays
  • Paid time for charity work
  • Discounts and vouchers
  • Pension plan
  • Learning tools
  • Parental leave policies
  • Fulltime

Information Security Analyst

We are looking for an Information Security Analyst to join our Risk, Legal and C...
Location:
Australia, Sydney
Salary:
Not provided
LGT Gruppe Holding AG
Expiration Date:
Until further notice
Requirements:
  • 5+ years in security operations or related IT functions, such as networking or IT systems engineering
  • Strong understanding of security concepts such as server hardening & patching, M365 & Azure configuration, Endpoint Protection solutions, Vulnerability Management, Firewall configuration, user access management, data loss prevention
  • Strong understanding of security architecture concepts across on-premises, cloud, and SaaS environments
  • Experience assessing solution designs and identifying security risks at an architectural level
  • Ability to translate complex technical and policy-driven security requirements into business-friendly language
  • Strong pragmatic, risk-based mindset with the ability to balance security, usability, cost, and delivery timelines
  • Experience engaging in business projects, conducting threat modelling, risk assessments and controls design, as well as validating the design and implementation of key controls
  • Experience driving security initiatives to align technical services with security policies
  • Strong problem-solving abilities, with a logical and methodical approach to tasks
  • Excellent communication skills, able to translate technical concepts for non-technical stakeholders
Job Responsibility:
  • Responsible for maintaining a strong security environment, reducing cyber risk exposure, and supporting security operations, monitoring, and reporting
  • Contributes to LGT WM’s information security strategy and risk framework while embedding security requirements into key business projects from the outset
  • Participates in initiatives to ensure compliance with privacy laws and external regulatory obligations, including GS 007
  • Support the cyber security assurance program, assisting audit activities and owning the remediation of findings
  • Support an effective cyber security assurance strategy over third parties / suppliers, enabling the business to engage with strategic partners without taking excessive risk
  • Actively participate in cyber security strategy formulation, prioritizing the protection of mission critical digital assets and maximizing the value of security investments
  • Participate in project delivery teams to provide security input throughout the solution lifecycle, from early design through to implementation and go-live
  • Participate in operational change management and ensure security related changes are adequately tested prior and post implementation, to reduce business impacts
  • Fulltime

Information & Technical Assurance Analyst

The primary focus of this role is to be a specialist in managing regulatory subj...
Location:
United Kingdom
Salary:
Not provided
360 Resourcing Solutions
Expiration Date:
Until further notice
Requirements:
  • Knowledge and experience of Data privacy regulations and their practical application
  • Understanding of the UK GDPR regulations
  • Broad understanding of the security implications of digital delivery
  • Effective at stakeholder engagement
  • Organisational skills, able to prioritise and self-manage workload
  • Strong written skills
  • Basic systems analysis skills would be beneficial
Job Responsibility:
  • Receive, record and manage data subject access requests and rights requests from individuals within the statutory timeframe
  • Assess each request to determine its scope and verify the identity of the requester
  • Co-ordinate with internal teams to locate and collate relevant personal data
  • Redact sensitive or third party information where necessary to comply with legal obligations
  • Maintain accurate records and logs for all subject rights requests
  • Escalate complex requests to the Group Data Privacy Officer
  • Support the Group Data Privacy Officer with ad hoc data protection tasks as required
  • Support our provision of an effective Information Assurance, Governance and Compliance service
  • Managing responses to customer requests for information/ assurance
  • Data Governance processes
What we offer:
  • Refer a friend for £1000 bonus which is unlimited
  • Generous holiday entitlement
  • Day off for your birthday
  • Staff Awards
  • Hotel and airline discounts
  • Employee Assistance Programme
  • Fulltime

AI Solutions Partner

The core responsibility of the AI Solutions Partner is to act as a strategic adv...
Location:
Spain; United Kingdom, Madrid; Uxbridge
Salary:
Not provided
Norgine
Expiration Date:
Until further notice
Requirements:
  • Experience sufficient to handle a wide range of situations and advise others, ideally in business analysis, product/portfolio management, consulting, or digital transformation
  • Proven experience in vendor orchestration and delivery oversight in a regulated environment
  • Strong facilitation and stakeholder engagement skills, with familiarity in AI tools, governance frameworks, and compliance standards
  • Demonstrated ability to lead cross-functional initiatives from discovery to value realisation
  • Experience supervising or guiding more junior colleagues
Job Responsibility:
  • Explore and understand external technology developments and assess their relevance for Norgine
  • Collect business requirements using interviews, workflow analysis and workshops, expressing these in terms of user needs and goals
  • Support documentation of “as is” and “to be” processes and define required changes
  • Review existing operations and implement innovation processes to drive continuous improvement
  • Deliver digital solution architecture including conceptual and logical diagrams aligned with future-state design
  • Consult stakeholders on data standardisation and recording processes to ensure quality
  • Coordinate subcontractors and suppliers, acting as a key point of contact within established contract plans
  • Support implementation of quality assurance initiatives and drive operational improvements
  • Contribute to security implementation through monitoring and escalation of risks
  • Plan and manage delivery of AI projects using appropriate project management methods