Portfolio Manager - M365 Security and Compliance

About The Position

Requirements

• 7–10 years in product or program management within enterprise technology or SaaS platforms.
• 5+ years working with M365 services at scale.
• 5+ years working with M365 compliance and security products at scale.
• Strong understanding of Microsoft Purview modules and capabilities (DLP, retention/holds, eDiscovery).
• Strong understanding of Microsoft 365, Azure, Defender for Office 365, and security and compliance ecosystems.
• Knowledge of Microsoft Entra ID (formerly Azure AD), Conditional Access, modern auth/OAuth.
• Road mapping, backlog management, stakeholder engagement, data-driven decision-making.
• Excellent communication - capable of executive briefings and clear end-user messaging.

Nice To Haves

• Background in regulated industries and audit practices.
• Familiarity with regulatory frameworks such as GDPR, HIPAA, SOX, and financial‑sector requirements.
• Background in information security, data governance, or enterprise risk.

Responsibilities

• Generates the vision and roadmap for the program based on customer requirements, industry trends, regulations, and the strategic direction for the business or technology domain
• Communicates the program vision and roadmap to stakeholders, product owners and the teams
• Oversees the budget(s) for one or more products by working closely with finance partners on both personnel and non-personnel expenses
• Provides input into defining business capabilities and aligning them to products or creating new products to support them
• Ensures product availability by partnering closely with demand and capacity teammates
• Develops business cases for new products and additional features for existing products
• Partners with the product owners and the teams to ensure that optimum value is obtained through technology and subject-matter expertise and understanding of the business and industry trends
• Models an inclusive environment for employees and clients, aligned to company Great Place to Work goals.
• Demonstrates deep process knowledge, operational excellence and innovation through a focus on simplicity, data based decision making and continuous improvement.
• Communicates enterprise decisions, purpose, and results, and connects to team strategy, priorities and contributions.
• Ensures proper risk discipline, controls and culture are in place to identify, escalate and debate issues.
• Provides inspection, coaching and feedback to motivate, differentiate and improve performance.
• Actively manages expenses and budgets in alignment with objectives, making sound financial decisions.
• Assesses talent and builds bench strength for roles across the organization.
• Delivers results by effectively prioritizing, inspecting and appropriately delegating team work.
• Define and maintain the target-state vision and multi-quarter roadmap for Microsoft Purview and other security/compliance solutions for M365 (classify, protect, and govern data).
• Prioritize features, controls, and improvements based on business value, risk, regulatory obligations, and user feedback.
• Lead business cases and investment proposals; manage objectives and key results aligned to service outcomes, regulatory obligations, and industry standards.
• Partner with Security, Legal, Compliance, and Risk to translate regulatory requirements (e.g., retention, litigation hold, eDiscovery) into product capabilities and policies.
• Establish and oversee governance standards for access, reporting, alerting, and actioning of compliance and security triggers.
• Run product councils and communicate roadmap, changes, and service posture to executives, business units and control partners.
• Drive implementation of Microsoft Purview features and controls (DLP, sensitivity labeling, insider risk, information barriers, Data Security Posture Management).
• Own change management: release planning, pilot/rollout strategy, comms, training, and adoption.
• Coordinate with engineering timely and high-quality delivery of features.
• Ensure durable configurations for Defender for Office 365.
• Oversee Purview-aligned controls across the Microsoft Suite: DLP, Retention/Litigation Hold, eDiscovery, Sensitivity labels, Information Protection, Insider Risk, DSPM and audit readiness.
• Monitor risk signals and drive remediation backlogs.
• Define service KPIs and operational SLOs
• Sponsor automation for provisioning, configuration baselines, drift detection, reporting.
• Stay current on regulatory changes and data protection standards across industries.
• Ensure features support data classification, data lifecycle management, insider risk, records management, information protection, and compliance reporting.
• Access and interpret telemetry to improve product performance and reliability.

Benefits

• Access to paid time off
• Resources and support to our employees