Senior Security Operations Manager - Cross-Org Security Operating Model & Partnerships

Microsoft

About The Position

Overview Senior Operations Manager, Cross‑Org Security Operating Model & Partnerships The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world. Aligning with Microsoft's mission and the focus of the Microsoft Security organization, this role is an integral part of a larger team dedicated to delivering world-class security operations that contain and evict threat actor activities. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Role Summary The Senior Operations Manager, Cross‑Org Security Operating Model & Partnerships, is accountable for clarifying and operationalizing the interfaces between Cyber Defense Operations (CDO) organizations and the broader ecosystem of stakeholders across the CISO organization and adjacent partner teams. The role is the single-threaded owner for a portfolio of cross‑functional relationships and programs, ensuring they are executed with clear operating models, decision rights, escalation paths, and engagement norms—especially at “incident pace,” where ambiguity creates risk. This role ensures that cross-company work does not degrade into ad‑hoc “who owns what” debates but instead follows defined constructs that distinguish security risk ownership from operational execution, with measurable outcomes and durable governance. CDO/Ops Hub and partner organizations often move at different speeds, with different mandates, which can lead to unclear handoffs, role confusion, and slower response—particularly during high-severity incidents and complex cross-org programs.This role exists to eliminate ambiguity by translating “RACI on paper” into lived, repeatable operating behavior, and by upgrading partner engagement structures, so coordination is predictable and fast. This role partners across: CDO/Ops Hub functions that coordinate incident response and enforce cross-company process/routing. CISO organization stakeholders involved in incident response, decision-making, and governance constructs. Post‑incident review and process partners where handoffs and ownership must be explicit. Engineering/Product/Compliance partners involved in risk and remediation execution models (operating model emphasis on common language, responsibility clarity). Core Deliverables: Cross‑Org Operating Model Playbook: clear scope, decision rights, RACI, escalation paths, engagement norms. Partner Engagement Plans for priority stakeholders: cadence, artifacts, shared tooling, and issue-resolution mechanisms. Handoff Contracts / Interface Maps: explicit “start/stop” responsibility boundaries for key workflows (incidents, PIRs, audit requests, comms, etc.). Executive‑Ready Briefs: decision memos and status updates grounded in defined constructs and measurable outcomes. Success Measures: Measured outcomes should reflect clarity, speed, and reduced friction, such as: Partner teams can articulate where responsibility starts/stops, and incidents execute with fewer ownership disputes. Reduction in partner confusion flagged as a blocker during high‑severity incidents (tracked through partner relationship upgrade metrics). Improved consistency and predictability of cross‑org handoffs (e.g., PIR ownership clarity, documentation standardization, streamlined handoff process). Increased adoption of standard engagement frameworks (fewer side channels; better planning/lead time discipline).

Requirements

Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
OR equivalent experience.
Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role.
These requirements include, but are not limited to the following specialized security screenings:
Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

Experience operating in incident response / cyber defense environments where “incident pace” and role clarity are essential.
Experience working with security governance models that distinguish risk ownership from execution, and managing the seams between them.
Demonstrated experience designing and operationalizing cross‑org operating models, including RACI, decision rights, escalation, and governance forums.
Proven ability to run a portfolio of stakeholder relationships and drive structured collaboration frameworks that reduce friction.
Strong executive communication: ability to synthesize ambiguity into crisp narratives and decision points. Operational rigor and systems thinking (service rhythms, governance patterns, repeatable processes).

Responsibilities

Operating Model Ownership: Define “Who Owns What” (and Make It Real)
Define and maintain clear ownership boundaries and “handoff contracts” across teams (e.g., what CDO/Ops Hub owns vs. what partner orgs own).
Translate abstract RACI into operational execution behaviors under pressure (e.g., incident declaration, response strategy, comms lanes, escalation).
Ensure operating models distinguish security risk ownership from execution, reducing duplication and conflicting authority.
Partner Relationship “Portfolio” Management (Business + Security Stakeholders)
Build and run a structured portfolio of partner relationships, including engagement plans, shared artifacts, and regular sync mechanisms (“infrastructure to support collaboration”).
Drive targeted relationship upgrades with prioritized partners to reduce confusion during incidents and cross-org execution.
Establish predictable engagement pathways (intake, routing, escalation) so teams know how to work together without side-channeling.
Cross‑Functional Program Delivery with Clarity and Governance
Own the governance layer for cross-org programs: program charters, RACI, decision logs, escalation routes, and “definition of done” criteria.
Ensure partner dependencies and obligations (audit, compliance, PIR handoffs, etc.) are executed through defined constructs—not ad‑hoc heroics.
Incident‑Pace Interface Clarity (Especially for Executive + Crisis Moments)
Ensure the right roles engage at the right time (e.g., Incident Coordinator vs. dCISO vs. CISO vs. business leaders) and that escalation paths remain unambiguous.
Reduce friction by clarifying comms lanes and decision ownership during incidents (including executive communication expectations and “who speaks for whom”).
Continuous Improvement of Handoffs, Procedures, and “Seams”
Own improvements to the core procedures governing handoffs and interaction points between CDO and partner teams (including engagement “rolodex” patterns).
Use partner feedback and retrospectives to systematically reduce recurring confusion, delays, and duplicated effort.
Executive Readouts & Decision Support
Translate complex operational realities into clear executive decision points, tradeoffs, and recommendations.
Provide crisp, cross‑org narratives on what is working, where ownership is breaking down, and what must change to reduce risk and accelerate outcomes.

Benefits

Certain roles may be eligible for benefits and other compensation.
Find additional benefits and pay information here: https://careers.microsoft.com/us/en/us-corporate-pay

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume