Senior Consultant - Microsoft Purview & M365 Compliance Governance

About The Position

Requirements

• 5+ years delivering Microsoft Purview / M365 information protection in enterprise or mid-market environments.
• At least 2 full lifecycles of label taxonomy design and deployment.
• Microsoft Purview Information Protection — label taxonomy design, manual labeling, auto-labeling policies (client-side and service-side), label-driven encryption, and rights management.
• Microsoft Purview Data Loss Prevention across Exchange, SharePoint, OneDrive, Teams, and Endpoint DLP — policy authoring, simulation mode, incident triage, exception workflow, and tuning.
• Data classification using built-in, custom keyword, custom regex, exact-data-match, and trainable classifiers.
• Retention labels and retention policies, records management, disposition review, and litigation-hold posture.
• Microsoft Purview Audit (Standard and Premium) — audit log search, export, retention, and downstream SIEM integration.
• Proven expertise with Identity Governance & Administration (IGA) platforms, specifically SailPoint.
• Hands-on experience implementing, configuring, and maintaining SailPoint solutions (e.g., IdentityIQ, IdentityNow).
• Microsoft Compliance Manager — assessment selection, improvement actions, control implementation evidence, and executive reporting.
• Purview for Copilot — DSPM-for-AI configuration, sensitivity-aware grounding, prompt and response auditing for Microsoft Copilot for M365 and Copilot Studio agents.
• Microsoft Entra ID — conditional access, sensitivity-label-bound access policies, and the binding between identity, label, and DLP enforcement.
• Working knowledge of Power Platform DLP.
• Microsoft Defender for Cloud Apps for shadow-IT discovery and SaaS DLP enrichment.
• Azure Monitor and Log Analytics — workspace design, diagnostic settings for M365 audit and Purview signals, KQL fluency, workbook authoring, alert rules, and action groups.
• Microsoft Sentinel integration for governance signals and audit-log SIEM tier — connector deployment, analytic rule authoring, and incident workflow.
• Power BI dashboards that report a value metric a non-technical executive can act on.
• Demonstrated ability to author and present architecture artifacts to a CTO-level audience: C4 diagrams, SADs, SDDs, milestone roadmaps.
• A discovery toolkit you actually use — Lean UX, BPMN, Event Storming, or comparable methods for translating ambiguous client problems into a prioritized backlog with measurable outcomes.
• Ability to communicate in plain language to business owners and in precise technical terms to engineers.
• Ability to sit with different stakeholders (CISO, records-management lead, SharePoint admin) and maintain a coherent governance picture.

Nice To Haves

• Microsoft certifications: SC-400 (Information Protection & Compliance Administrator), SC-100 (Cybersecurity Architect Expert), SC-200 (Security Operations Analyst), SC-300 (Identity & Access Administrator).
• Hands-on with Microsoft Priva for privacy management, data subject requests, and privacy risk policies.
• eDiscovery (Standard and Premium) — case management, custodian holds, advanced indexing, and review-set culling.
• Insider Risk Management and Communication Compliance policy design.
• Experience with regulated frameworks — HIPAA, HITRUST, SOC 2, ISO 27001, FDA 21 CFR Part 11, GDPR, GLBA — and the documentation discipline they require.
• Prior delivery in regulated environments (medical device, life sciences, healthcare, or financial services).
• Experience as a subcontractor or partner-of-partner.

Responsibilities

• Lead the Microsoft Purview and M365 compliance lane of a 90-day governance engagement.
• Inventory the client’s M365 information protection posture, including sensitivity labels, DLP policies, retention framework, audit configuration, classification accuracy, and Copilot AI exposure.
• Map current state against PTM and Microsoft baselines.
• Quantify the risk and ROI of remediation.
• Deliver a prioritized governance backlog.
• Stand up a label taxonomy and auto-labeling policy.
• Deploy or tune DLP across Exchange, SharePoint, OneDrive, Teams, and Endpoint.
• Operationalize retention, records management, and audit.
• Configure Purview-for-Copilot DSPM-for-AI controls.
• Wire the whole estate into Azure Monitor and Log Analytics for observable governance posture.
• Author and present architecture artifacts to a CTO-level audience.
• Use discovery methods to translate ambiguous client problems into a prioritized backlog with measurable outcomes.
• Verify against current docs, the client tenant, and runtime evidence before recommending.
• Define interfaces (label taxonomy, DLP policy, retention schedule, audit retention) before publishing.
• Ensure every label, DLP rule, and retention policy ships with a test and an alert.
• Participate in a Maker-Checker process for design decisions.

Benefits

• Possibility of contract-to-hire
• Competitive contract rate during the engagement
• Market-aligned base, performance bonus, and benefits package on conversion