M365 Data Compliance Specialist

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID – 2025-0217

Role Duties and Responsibilities                                          

• Execute data ingestion into Microsoft 365 services
• Migrate large volumes of user and archive data into Exchange Online, SharePoint, OneDrive, and Teams 
• Handle folder mapping, duplicate resolution, and retention policies during migration 
• Verify accuracy, access rights, and post-migration usability
• Operate Azure Blob Storage as staging layer
• Upload and organize content securely before ingestion workflows 
• Maintain structured metadata for traceability and reconciliation 
• Monitor storage utilization, access logs, and tagging structure
• Perform file sanitization using OPSWAT and Defender tools
• Integrate MetaDefender Core workflows for CDR and malware analysis 
• Apply Defender for Endpoint and Defender for M365 scanning policies 
• Log, track, and resolve scan results, blocked content, and exceptions
• Apply metadata and classification labels via Titus
• Use Titus to assign NATO-aligned metadata (classification, caveat, handling) 
• Validate label inheritance across Microsoft 365 workloads 
• Troubleshoot failed labeling operations and regenerate metadata stamps
• Assign and verify Microsoft Purview Sensitivity Labels
• Deploy and audit sensitivity labels during and after content ingestion 
• Support auto-labeling rules and encrypted file handling 
• Ensure label compliance with NATO data protection rules
• Process PST and legacy email archives
• Ingest PSTs using Compliance Center, PowerShell, or AzCopy 
• Validate completeness, folder structure, and timestamp accuracy 
• Monitor mailbox quotas, duplicate management, and error logs
• Develop and manage automation scripts
• Write PowerShell and Graph API scripts for labeling and content ingestion 
• Ensure logging, rollback, and structured exception handling 
• Maintain version control, documentation, and reusability
• Administer Microsoft 365 and Intune compliance policies
• Enforce DLP, retention, conditional access, and audit policies 
• Support policy reviews and reporting within Compliance Center and Intune 
• Coordinate configuration changes and incident resolution
• Provide on-site device and user support
• Enroll Windows 11 endpoints via Intune and enforce secure baselines 
• Troubleshoot configuration profile failures, Defender issues, and BitLocker settings 
• Assist with onboarding, MFA setup, and general user support
• Maintain documentation and reporting routines
• Draft SOPs for migration, labeling, sanitization, and compliance procedures 
• Submit weekly sprint summaries and update the central documentation repository 
• Ensure reproducibility, traceability, and audit readiness

• Communication and Reporting
• Provide inputs to project highlight reports, exception reports, strategic plans, and other management documentation 
• Deliver briefings and presentations related to security accreditation
• Collaboration with IT Support
• Work closely with the IT support team to resolve complex device-related issues 
• Serve as a subject matter expert in mobile device management
• Documentation and Training
• Maintain comprehensive documentation for Cloud Operations processes, configurations, and workflows 
• Provide training and support to other staff as required for knowledge and information sharing
• Collaboration and Communication 
• Collaborate with IT security, compliance, and other relevant teams to ensure cohesive Cloud Operations strategies 
• Communicate effectively with internal stakeholders to understand requirements and address concerns

Essential Skills, Experience and Certifications

• Microsoft 365 Data Migration Experience (5 years of experience)
• Proven ability to migrate files and archives into SharePoint, Teams, OneDrive, and Exchange 
• Understanding of data fidelity, access rights, and versioning during migrations 
• Familiarity with bulk import strategies, including Microsoft-provided tools and custom scripts
• Metadata and Document Labeling Expertise
• Experience configuring and applying metadata tags through Titus or equivalent tools 
• Understanding of attribute-based access control and downstream integration 
• Ability to audit, troubleshoot, and validate metadata assignments
• Sensitivity Label Management in Microsoft Purview
• Hands-on experience creating, assigning, and troubleshooting Sensitivity Labels 
• Familiarity with auto-labeling rules, encrypted content controls, and label inheritance 
• Understanding of NATO classification structures mapped into Purview policies
• Sanitization Tools and Workflow Proficiency
• Operational experience with OPSWAT MetaDefender or other CDR/Sandbox platforms 
• Knowledge of integration with blob storage, SharePoint, and file inspection pipelines 
• Capability to configure scanning policies, analyze logs, and resolve false positives

• Advanced Automation and Scripting Skills
• Proficiency in PowerShell, Graph API, and Azure CLI for automated compliance operations 
• Ability to write scalable and documented scripts with logging and retry mechanisms 
• Experience integrating scripts with Intune and Microsoft 365 Admin Centers
• Compliance Policy and Intune Configuration Support
• Understanding of M365 compliance features: DLP, retention, records management, audit 
• Familiarity with Intune device configuration and app protection policies 
• Experience resolving compliance-related incidents in endpoint environments
• PST Archive Processing Knowledge
• Capability to prepare, scan, and ingest PST files into M365 with metadata preservation 
• Knowledge of size limits, duplication handling, and archive folder mapping 
• Familiarity with Microsoft Compliance Center, Import Jobs, and audit trails
• Endpoint Support for Intune Enrolled Devices
• Practical experience enrolling, remediating, and supporting devices managed via Intune 
• Proficiency in troubleshooting compliance failures and user access issues 
• Understanding of BitLocker policies, Defender integration, and Windows 11 support
• Documentation and Communication Skills
• Ability to create technical SOPs and process documentation aligned with NCIA standards 
• Skilled in reporting progress, risks, and blockers during sprints or compliance reviews 
• Clear and professional written and verbal English communication with technical and non-technical stakeholders
• Language and Clearance
• Fluent in English, both spoken and written 
• French language proficiency is an asset 
• NATO Secret Security Clearance or national equivalent required
• Security and Compliance
• Experience conducting audits and ensuring adherence to regulatory standards
• Understanding of security best practices and compliance requirements related to Intune Device Management and Operations
• Communication and Collaboration
• Excellent communication skills to effectively collaborate with IT teams, stakeholders, and end-users 
• Ability to document processes clearly and provide training on IAM tools and practices
• Organizational Skills
• Strong organizational skills to manage multiple tasks and priorities effectively 
• Attention to detail in managing M365 environment and the Microsoft Intune Platform
• Team Collaboration
• Ability to work effectively as part of a team and share knowledge and resources 
• Willingness to collaborate with colleagues to solve complex issues
• Others
• The individual has strong customer relationship skills, including negotiating complex and sensitive situations under pressure 
• The individual must have the nationality of one of the NATO nations

Working Location

• Braine-l'Alleud, Belgium

Working Policy

• On-site

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.