M365 Security, Protection & Governance (Lead Senior Engineer)

Details of the offer

About the RoleThe Swift End User Services (EUS) Team is accountable for the strategy, design, delivery and operations of all workplace and workforce productivity and collaboration services.
The foundational technologies include Microsoft Windows and M365, with the principal services being (a) end user devices, (b) video and voice services, (c) sharing and collaboration, (d) messaging and directory services, and (e) automation and productivity services.As we continue to expand our digital footprint and migrate to a Zero Trust Security framework, we are committed to ensuring the highest standards of security, protection, and governance for our Microsoft 365 (M365) environment.
We are seeking a highly skilled and experienced professional to lead our M365 Security, Protection & Governance efforts.The M365 Security, Protection & Governance Lead will be responsible for overseeing the security, compliance, and governance of our Microsoft 365 environment.
This role involves developing and implementing strategies to protect data, manage risk, ensure regulatory compliance, and establish governance frameworks.
The ideal candidate will have a deep understanding of M365 security technologies, compliance requirements, and best practices for data protection and governance.The ideal candidate will have a deep understanding of M365 security technologies, compliance requirements, and best practices for data protection and governance.For reference, Swift's strategic productivity, collaboration and intelligence services are predominantly delivered through M365, but also includes offerings from other vendors.
The primary M365 data sources include SharePoint, Teams, Exchange, and One-Drive.The M365 Security, Protection & Governance (Lead Senior Engineer) will report to the Head, EUS Architecture, Engineering and Security Compliance, and in the interim, to the Head, End User Services.What to Expect?Primary ResponsibilitiesRelationship ManagementEstablish strong relationships with vendors and internal partners (information security & protection, legal, privacy and risk partners) focused toward supporting the ongoing evolution of M365 Information Security, Access, Protection & Governance.Security ManagementDevelop and implement security policies, procedures, and controls for M365.Monitor and respond to security incidents, vulnerabilities, and threats within the M365 environment.Conduct regular security assessments, audits, and penetration testing in collaboration with information security partnersCollaborate with IT and security teams to design and enforce secure configurations.Data ProtectionImplement data loss prevention (DLP) strategies and technologiesManage encryption, rights management, and data classification solutions.Ensure proper handling of sensitive and confidential information in accordance with data protection laws and regulations.Compliance & Governance:Establish and maintain compliance with relevant regulations (e.g., GDPR, HIPAA, CCPA).Develop and enforce governance policies for data retention, archiving, and disposal.Create and maintain documentation for compliance audits and reporting.Conduct regular training and awareness programs on compliance and governance.Risk Management:Identify, assess, and mitigate risks related to the M365 environment.Develop and maintain a risk management framework for M365.Collaborate with stakeholders to prioritize and address risks effectively.Collaboration & LeadershipLead cross-functional teams to implement security, protection, and governance initiatives.Provide guidance and mentorship to junior team members.Stay updated on the latest M365 features, security trends, and regulatory changes.Tactical PrioritiesReview and refine the efficacy of current information security & protection controls across M365 data sources.
Examine M365 controls which encourage and enforce best practices.
Identify and implement quick wins / low hanging fruit.Perform M365 Security Risk Assessment in collaboration with information security, legal, privacy and risk partners to identify risks and requisite controls, and implement effective processes and technology solutions to automate security controls and automated governance.Strategic ObjectivesDevelop an M365 Security, Protection & Governance Roadmap, including the evaluation and implementation of effective processes and technology solutions to automate security controls and governance.
Implement a monthly forum to govern the efficacy of security controls and address potential / released risks and issues (supported by data, measures, and analytics)Azure Information Protection (AIP) Support the development of a plan to implement and operate AIP.
This should include supporting the implementation of (a) an MVP to protect confidential information, and (b) the minimum configuration to avoid inappropriate sharing of confidential information externally.Information Protection User Education Support the refinement of training material around current policies, considering the evolution of collaboration and intelligence services to (a) reinforce individual responsibility, and (b) equip users with the knowledge to do the right thing in M365.
Support the development of a roadmap around access control and data tagging responsibilities for end users of M365 data sources.Zero Trust Security Model Support the M365* implementation of a Zero Trust Security Model at Swift including (a) prevention, detection, and response, (b) associated policy refinements, (c) user education, (d) data classification, (e) data inventory, and (f) controls and governance.Legacy Data Management Support the definition of requirements for handling of legacy M365 data, including the development of timelines to automatically restrict access, conditional archiving / data removal.
Implement associated controls in M365 to enforce requirements.What will make you successful?Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).Professional certifications such as CISSP, CISM, Microsoft Certified: Security, Compliance, and Identity Fundamentals, or equivalent.10+ years of experience in information security, with significant experience in managing M365 environments.Proven expertise in M365 security technologies, including Microsoft Defender, Azure AD, Conditional Access, and Information Protection.Strong understanding of data protection laws, regulatory compliance frameworks, and governance best practices.Excellent leadership, strategic thinking, and communication skills.Ability to work effectively with cross-functional teams and manage complex projects.You may want to reach out to the recruiter for more information via LinkedIn; Victor Ooi, Senior Talent Acquisition.What we offerWe put you in control of careerWe give you a competitive packageWe help you perform at your bestWe help you make a differenceWe give you the freedom to be yourselfWe give you the freedom to be yourself.
We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world.
An environment in which everyone's voice counts and where you can reach your full potential regardless of age, background, culture, colour, disability, gender, nationality, race, religion, or veteran/military status.


Nominal Salary: To be agreed

Source: Talent_Ppc

Requirements

Senior Software Qa Engineer

Responsibilities -Design, develop and execute test cases which include but are not limited to mobile application testing, API testing, web application tes...


Snappymob - Kuala Lumpur

Published a month ago

Internship For Non-Tech

Shortlisted candidates will have the opportunities to explore in the following area(s): -Human Resources -Marketing -Legal and Compliance  (Apply no...


Aeon Credit Service (M) Berhad - Kuala Lumpur

Published a month ago

It Executive

As the IT Executive at The Makeover Guys, you will be managing the information technology needs and systems of The Makeover Guys. Your work will directly imp...


The Makeover Guys - Kuala Lumpur

Published a month ago

Technician

As the Technician at The Makeover Guys, you will be assigned on-site renovation tasks on a day-to-day basis. Your work will enable people to enjoy better hom...


The Makeover Guys - Kuala Lumpur

Published a month ago

Built at: 2024-11-22T16:48:26.150Z