Information Security Senior Engineer

Sidley Austin LLP, Chicago, IL
1d | $120,000 - $165,000 | Hybrid

About The Position

The Information Security Senior Engineer is primarily responsible for designing, implementing, and managing the Firm’s data governance, compliance, and information protection policies by enabling and supporting Microsoft Purview. This individual will ensure technical capabilities are in place so that sensitive Client and Firm data is appropriately classified, labeled, monitored, and secured in alignment with regulatory requirements, contractual obligations, and Firm-specific policies. The Senior Engineer acts as a subject matter expert, collaborating with cross-functional teams (including our Applications Team, Records Management, Data and AI Team as well as Risk and Privacy) to enable robust data protection, lifecycle management, and eDiscovery processes. This role will also participate in incident response activities involving data loss prevention, insider risk, and compliance alerts, ensuring timely investigation, containment, and remediation. In addition, the Senior Engineer will contribute to the Firm’s overall Data Security and Compliance Strategy, driving the adoption of best practices and advanced capabilities within the Microsoft ecosystem.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Information Governance, or a related field is required.
  • Minimum of 5 years of experience in security engineering, compliance engineering, or data governance, with a strong focus on Microsoft 365 and Microsoft Purview solutions.
  • Hands-on experience implementing and managing Microsoft Purview capabilities such as Information Protection, Data Loss Prevention (DLP), Insider Risk Management, Records Management, and eDiscovery.
  • Practical knowledge of Microsoft 365 security and compliance tools. Strong PowerShell scripting experience.
  • Strong understanding of data governance principles, regulatory compliance requirements (e.g., GDPR, CCPA, HIPAA, ISO 27001), and information lifecycle management.
  • Demonstrated ability to assess, troubleshoot, and remediate data protection, compliance, and information governance issues in Microsoft 365 environments.
  • Strong organizational skills
  • Strong attention to detail
  • Good judgment
  • Strong interpersonal communication skills
  • Strong analytical and problem-solving skills
  • Able to work harmoniously and effectively with others
  • Able to preserve confidentiality and exercise discretion
  • Able to work under pressure
  • Able to manage multiple projects with competing deadlines and priorities

Nice To Haves

  • Relevant Microsoft certifications such as Microsoft Certified: Information Protection Administrator Associate, Security Operations Analyst Associate, or Azure Security Engineer Associate (AZ-500).
  • Advanced security and compliance certifications such as CISSP, CISM, CCSP, or Security+.
  • Experience in the legal, financial services, or other highly regulated industries with strict client data governance and compliance requirements.
  • Hands-on experience with data security and insider risk tools such as Varonis, Digital Guardian, or Cyberhaven.
  • Familiarity with SIEM/SOAR platforms for correlating and responding to Purview alerts.
  • Demonstrated ability to support large-scale legal hold, records management, and eDiscovery processes in global organizations.
  • Strong knowledge of regulatory compliance frameworks such as GDPR, CCPA, HIPAA, ISO 27001, and client-driven contractual requirements.

Responsibilities

  • Design, configure, and maintain Microsoft Purview solutions for data classification, labeling, retention, and compliance in alignment with Firm policies and regulatory requirements.
  • Implement and manage data security controls, including Information Protection policies, Data Loss Prevention (DLP), Insider Risk Management, and eDiscovery workflows.
  • Implement policies to protect sensitive Client and Firm data through classification, labeling, encryption, access governance, and monitoring across Microsoft 365, Azure, and integrated environments.
  • Work with Records Management, Data Governance, IT Risk, and other teams to develop, enforce, and maintain compliance policies, ensuring consistent application of regulatory, contractual, and Firm-specific data protection requirements.
  • Build and optimize automated data governance workflows, enabling lifecycle management, secure data sharing, and defensible disposition of records in accordance with Firm strategy.
  • Integrate Purview insights and alerts into Security Operations, incident response, and GRC processes to strengthen visibility, detection, and remediation of data-related risks.
  • Collaborate with Records Management, Data Governance, IT, Security, Legal, and Compliance teams to design policies and processes that balance regulatory obligations, client requirements, and business operations.
  • Monitor and respond to Purview compliance alerts, investigating potential risks such as data leakage, insider threats, or policy violations, and recommending remediation.
  • Participate in risk assessments, audits, and compliance efforts related to data governance and regulatory frameworks (e.g., ISO 27001, GDPR, CCPA, HIPAA).
  • Stay current with emerging data governance technologies, compliance regulations, and best practices, ensuring the Firm continues to mature its use of Microsoft Purview capabilities.

Benefits

  • Our compensation package also includes bonus eligibility and a comprehensive benefits program.
  • Benefits information can be found at Sidley.com/Benefits.