RESPONSIBILITIES 1. Microsoft Purview Consulting (Client-Facing) Lead workshops and assessments to evaluate the client's current M365 compliance posture. Design and propose governance frameworks leveraging Microsoft Purview (Data Lifecycle, DLP, Insider Risk, Compliance Manager, eDiscovery, etc.). Define sensitivity labels, retention policies, and data classification strategies aligned with regulatory needs. Document and present actionable remediation plans to stakeholders. Provide strategic guidance on M365 security and compliance architecture. 2. Hybrid AD Risk Remediation (Technical/Hands-On) Perform technical assessments of existing Hybrid AD environment (on-prem AD + Azure AD). Remediate identified risks such as excessive privileges, insecure group policies, sync issues, legacy protocols, etc. Configure secure synchronization using Azure AD Connect. Implement or optimize Conditional Access, MFA, Defender for Identity, and security baselines. Collaborate with internal IT teams to apply hardening measures and best practices. PROFILE Bachelor's degree in computer science, Information Systems, or a related field. 5+ years of experience with Microsoft 365 Security & Compliance solutions. Experience working in or with consulting firms or managing external/internal user relationships. Proficiency in Microsoft 365, Azure AD, and endpoint management (Intune). Familiarity with security frameworks and governance standards (e.g., ISO 27001, NIST, GDPR, or industry-specific). Solid experience in Microsoft Purview: DLP, Sensitivity Labels, Compliance Manager, Insider Risk. Strong expertise in Hybrid AD, Azure AD, and identity-related security topics. Experience in customer-facing consulting or advisory roles. Hands-on experience remediating AD/AAD vulnerabilities and implementing identity controls. Strong communication, documentation, and stakeholder engagement skills. Ability to translate compliance needs into technical solutions and vice versa. Expected Certifications (At least one) SC-400 (Microsoft Information Protection and Compliance) SC-300 (Identity and Access Administrator) AZ-500 (Azure Security Engineer) MS-500 (Microsoft 365 Security Administrator) SC-100 (Microsoft Cybersecurity Architect) Show more Show less