
Principal EU GRC Lead

Microsoft


Posted on Sep 16, 2025


London, United Kingdom


Date posted: Sep 15, 2025
Job number: 1877782
Work site: 0 days / week in-office (remote)
Travel: 0-25 %
Role type: Individual Contributor
Profession: Security Engineering
Discipline: Security Assurance
Employment type: Full-Time

Overview

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry are securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Microsoft is one of the largest enterprise service companies in the world.

As a Principal EU GRC Lead, you will use your understanding of policies, laws, and regulations to make independent judgments that meet business needs. The ideal candidate will bring a blend of technical expertise, regulatory awareness, and program management skills to identify high-impact vulnerabilities, design secure cloud-native (Azure) solutions, and support security reviews and audit readiness. They will help develop and operationalize compliance programs that meet both internal governance requirements and external audit expectations.

Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.

In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.

Qualifications

  • Educational Background
    A Bachelor's degree (or foreign equivalent) in Computer Science, Engineering, Mathematics, Information Systems, or a related field, or equivalent work experience.
  • Experience Requirements
    o Senior-level experience in program management, with mid-level experience in GRC or security-related roles.
    o Proven track record in leading complex technical programs focused on risk management, vulnerability management, and third-party risk.
  • Technical and Regulatory Expertise
    o Risk & Compliance Strategy: Translate complex regulatory concepts into actionable program strategies.
    o Tool Proficiency: Microsoft S360, Azure DevOps, Purview, Compliance Manager, Power BI.
    o Data Analysis: Analyze complex risk data, build dashboards, and identify trends and gaps.
    o Collaboration: Partner with engineering and technical stakeholders to embed controls into architecture and development lifecycles.
  • Communication and Leadership
    o Strong collaboration and stakeholder engagement skills across cross-functional teams.
    o Strong written and verbal communication: ability to explain complex compliance topics to internal stakeholders and leadership.
    o Ability to lead risk reviews, remediation efforts, and governance structures.
    o Ability to communicate with and manage external audit engagements, providing measurable status reporting, timely evidence collection, and program documentation.

Preferred Qualifications

Certifications
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CGEIT (Certified in the Governance of Enterprise IT)
- PMP or PMI certifications for project management.

Knowledge of PCI DSS and SOC 2.

Responsibilities

As Principal EU GRC Lead, you will gain deep experience in strategic compliance leadership, cross-functional collaboration, and security risk management while driving impactful business outcomes.

  • Lead compliance initiatives for major EU regulations (CRA, DORA, NIS2, EU AI Act), ensuring readiness, implementation, and ongoing monitoring of regulatory changes.
  • Map and assess regulatory requirements against internal controls, conducting gap analyses and driving remediation for EU, US, and global frameworks (ISO 27001, NIST 800-53, SOC 2, PCI DSS).
  • Oversee incident management and operational resilience programs, including scenario testing and evidence collection for regulatory reviews in the EU and globally.
  • Manage centralized risk registers and annual IT risk assessments, prioritizing and reporting regulatory risks to senior leadership across all regions.
  • Coordinate internal and external audits for EU, US, and global compliance standards, preparing evidence packages and facilitating third-party assessments.
  • Govern third-party and subcontractor compliance, conducting security assessments and ensuring adherence to EU, US, and global outsourcing requirements.
  • Serve as primary liaison with regulators, industry bodies, and internal stakeholders, communicating regulatory changes and compliance status.
  • Develop and deliver training programs on regulatory requirements, risk management, and compliance best practices for global teams.
  • Implement and optimize GRC automation tools for process control, RFI response management, and vendor due diligence.
  • Foster a culture of proactive compliance and continuous improvement, collaborating with global business units to enhance IT controls and compliance.

Benefits and perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.
Industry leading healthcare
Educational resources
Discounts on products and services
Savings and investments
Maternity and paternity leave
Generous time away
Giving programs
Opportunities to network and connect

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.