Security Engineer — Data Protection & Compliance

• 8–10 years total experience in data security, information protection, or compliance engineering
• Minimum 3 years of hands-on Microsoft Purview experience in production enterprise environments
• Demonstrated experience across both design/deployment and steady-state operations of DLP and classification controls
• Experience in regulated industries where sensitive personal data (healthcare, financial, or equivalent) is in scope
• Experience working in environments with large BYOD device populations preferred

Microsoft Purview — Data Loss Prevention

• 3+ years designing and operating DLP policies across Exchange, SharePoint, Teams, and Endpoint channels
• Hands-on experience with Purview DLP AI Endpoint policies, including blocking sensitive data uploads to public AI tools
• Proficient in DLP policy modes: simulation, audit, and enforcement, with understanding of transition processes
• Experience managing DLP incident queues, reviewing exceptions, and tuning false-positive rates
• Understanding of DLP prerequisites: label taxonomy, classifier deployment, and Intune enrollment

Microsoft Purview — Sensitivity Labels & MIP

• Experience designing and implementing organisation-wide sensitivity label taxonomies
• Hands-on configuration of auto-labelling policies for Exchange, SharePoint, and Teams
• Deployment and tuning of built-in and custom sensitive information types (PHI pattern and regex-based classifiers)
• Experience managing label publishing, label analytics, and Activity Explorer monitoring
• Understanding of client-side versus service-side labelling and their respective limitations

Microsoft Purview — Compliance Manager

• Experience managing compliance assessments within Purview Compliance Manager
• Ability to configure and operate HIPAA assessment templates, including score tracking and evidence uploads
• Experience producing compliance reporting outputs for senior stakeholders (CISO, Legal)
• Familiarity with multi-regulation assessment management (SOC 2, HIPAA, HITRUST)

Microsoft Purview — Data Map & Data Catalogue

• Experience configuring Purview Data Map scanning across M365, Azure, and SQL data sources
• Ability to design and manage classification rules and scanning schedules for PHI discovery
• Familiarity with data flow documentation and lineage mapping within the Purview Data Catalogue
• Experience producing PHI system inventory outputs from Data Map scan results

Microsoft Purview — Insider Risk, eDiscovery & Communication Compliance

• Configuration of Insider Risk Management policies for data exfiltration, policy violations, and departing employee scenarios
• Familiarity with Purview eDiscovery Premium, including legal holds, content search, and review set management
• Experience configuring Communication Compliance policies for sensitive content monitoring
• Understanding of Purview AI Hub for AI model governance and bias assessment processes

Microsoft Defender for Cloud Apps (MCAS)

• Hands-on configuration of Cloud Discovery, log collectors, Shadow IT reporting, and risk scoring
• Experience configuring Session Policies and Access Policies for sanctioned applications
• Connector configuration for third-party applications such as Google Workspace, Salesforce, and custom apps
• Anomaly detection policy configuration and alert tuning within MCAS

Microsoft Entra ID P2

• Conditional Access policy design covering device compliance, location, risk-based access, and MFA
• Experience managing Entra Terms of Use policies and user acceptance tracking
• Configuration of Entra Access Reviews, including delegation and remediation tracking
• Entra B2B governance including external user lifecycle and access package management
• Familiarity with Entra ID Protection risk policies and reporting

Microsoft Intune — MAM & Endpoint DLP

• Mobile Application Management (MAM) configuration for BYOD device populations
• Deployment of Intune compliance policies, configuration profiles, and app protection policies
• Integration of Intune enrollment with Purview Endpoint DLP controls (USB, printing, cloud uploads)
• Familiarity with Intune reporting and compliance dashboards

Third-Party Risk & Vendor Governance

• Experience managing HIPAA Business Associate Agreement (BAA) processes: vendor identification, execution tracking, BAA register maintenance
• Familiarity with Third-Party Risk Management (TPRM) frameworks and vendor risk assessment methodologies
• Ability to connect MCAS connectors for third-party SaaS applications and enforce DLP policies across them

Compliance Framework Knowledge

• Working knowledge of SOC 2 Trust Services Criteria — C1.x (Confidentiality) and CC6.x (Logical Access Controls)
• Solid understanding of HIPAA Security Rule Technical Safeguards: §164.312(a)(2)(iv) encryption, §164.312(e) transmission security, §164.310(d) device controls
• Familiarity with HIPAA Administrative Safeguards: §164.308(a)(1) risk management, §164.308(b) BA agreements
• Awareness of HITRUST r2 framework and its mapping to HIPAA controls