Microsoft is hiring a Europe-based cybersecurity attorney to help solve complex problems at the frontiers of regulation and technology, including rapid, AI-driven changes. Our new team member will help to enhance Microsoft’s security and increase trust in one of the planet’s most significant companies.

The Microsoft Corporate, Legal, and External Affairs (CELA) department seeks a highly motivated, experienced attorney based in Europe to join its Customer Security and Trust organization’s Cybersecurity Regulatory Affairs Team. The Cybersecurity Regulatory Affairs Team is focused on developing strategies to support cybersecurity regulatory compliance, providing cybersecurity compliance counseling, leading strategic compliance initiatives, reporting security incidents and responding to regulatory inquiries, and shaping the development of cybersecurity laws worldwide. Cybersecurity and cyber threats are some of the greatest and highest impact risks to organizations and the tech industry today. The attorney in this role will support cybersecurity and resilience compliance programs for laws and regulations around the world, with a focus on laws and regulations in Europe, including providing advice on requirements under European laws and engagement with regulatory authorities as needed. The attorney will serve as a cybersecurity expert helping Microsoft track, analyze, and shape legislation in the development phase, and then helping our businesses achieve their most important strategic goals through compliance and counsel, and thoughtful policy implementation.

Responsibilities

Legal Advice and Counsel

• As part of a team of attorneys and working with our policy experts, review regulations around cybersecurity through the lens of compliance, articulating legal obligations for our product and services teams globally.

• Provide guidance as to whether cybersecurity controls comply with regulatory requirements.

• Work with legal, engineering, and compliance teams around the company on implementation of security compliance regimes for new laws and obligations.

• Provide strategic direction to other legal teams and business partners on specific issues and trends in cybersecurity, including AI security, and related legal compliance that will impact Microsoft’s businesses, our customers, and our ecosystem.

• Provide expertise to legal and policy teams across Microsoft seeking counsel on the interpretation of cybersecurity legal and regulatory obligations.

• Serve as the subject matter expert for legal and government affairs teams and other internal teams to advise on developing cybersecurity-related legislative priorities and initiatives and track developing legislation to understand its potential impact on Microsoft.

• Advise and help clients understand cybersecurity compliance issues, identify risks, and offer solutions.

• Support the company’s cybersecurity governance and oversight programs, including the Microsoft Cybersecurity Governance Council, which is led by the Microsoft Global CISO and Deputy CISOs, and Microsoft’s security committee for European operations.

• Support the company’s engagement with European cybersecurity and resilience regulatory authorities.

Operational Excellence

• Provide input and continuous feedback to improve process efficiencies within role; identify opportunities and tools to increase operational efficiency and effectiveness.

Communication

• Collaborate effectively within Corporate, External, and Legal Affairs and with business clients.

• Organize issues and ideas in written and verbal communication.

Qualifications

Required/Minimum Qualifications:

• Juris Doctorate Degree or Equivalent International Degree and an active license in good standing to practice law and capable of meeting admission requirements in any European jurisdiction.

• Demonstrable experience as a practicing attorney or equivalent practice of law

• Relevant experience in cybersecurity law, cybersecurity compliance, critical infrastructure, privacy, telecommunications, or digital safety, ideally in the EU’s DORA, NIS1 or NIS2 Directives, GDPR, and/or analogous regulations in other European states.

• Demonstrable experience in criminal or civil litigation or regulatory proceedings.

Additional or Preferred Qualifications

• Fluency and facility with cyber risks, remediation, cybersecurity standards (e.g., NIST, ISO/IEC), frameworks, risk assessments or certification processes, ideally including a practical understanding of same.

• Experience designing and implementing cross-functional programs and processes to track legal or regulatory requirements, including compliance programs.

• Experience advising or representing organizations in regulatory oversight matters or representing or supporting regulatory agencies in their oversight or enforcement activities.

• Curiosity to understand Microsoft’s products and services, with a drive to get precise and complete information to make informed decisions.

• Practical business judgment, ability to think strategically, and desire to establish a “trusted advisor” relationship with key clients.

• Independent and able to prioritize in an ever-changing legal and regulatory environment.

• Ability to creatively problem-solve with a focus on achieving results that both benefit our business and maintain the trust of our customers and partners.

• Desire and ability to work with diverse, global teams.

• This role may eventually involve domestic and international travel.

#CELA