M365 Security, Protection & Governance (Lead Senior Engineer)
Kuala Lumpur
As we continue to expand our digital footprint and migrate to a Zero Trust Security framework, we are committed to ensuring the highest standards of security, protection, and governance for our Microsoft 365 (M365) environment. We are seeking a highly skilled and experienced professional to lead our M365 Security, Protection & Governance efforts.
The M365 Security, Protection & Governance Lead will be responsible for overseeing the security, compliance, and governance of our Microsoft 365 environment. This role involves developing and implementing strategies to protect data, manage risk, ensure regulatory compliance, and establish governance frameworks. The ideal candidate will have a deep understanding of M365 security technologies, compliance requirements, and best practices for data protection and governance.
For reference, Swift’s strategic productivity, collaboration and intelligence services are predominantly delivered through M365, but also include offerings from other vendors. The primary M365 data sources include SharePoint, Teams, Exchange, and OneDrive.
The M365 Security, Protection & Governance (Lead Senior Engineer) will report to the Head, EUS Architecture, Engineering and Security Compliance, and in the interim, to the Head, End User Services.
What to Expect?
Primary Responsibilities
Relationship Management
- Establish strong relationships with vendors and internal partners (information security & protection, legal, privacy and risk partners) focused on supporting the ongoing evolution of M365 Information Security, Access, Protection & Governance.
Security Management
- Develop and implement security policies, procedures, and controls for M365.
- Monitor and respond to security incidents, vulnerabilities, and threats within the M365 environment.
- Conduct regular security assessments, audits, and penetration testing in collaboration with information security partners.
- Collaborate with IT and security teams to design and enforce secure configurations.
Data Protection
- Implement data loss prevention (DLP) strategies and technologies.
- Manage encryption, rights management, and data classification solutions.
- Ensure proper handling of sensitive and confidential information in accordance with data protection laws and regulations.
Compliance & Governance
- Establish and maintain compliance with relevant regulations (e.g., GDPR, HIPAA, CCPA).
- Develop and enforce governance policies for data retention, archiving, and disposal.
- Create and maintain documentation for compliance audits and reporting.
- Conduct regular training and awareness programs on compliance and governance.
Risk Management
- Identify, assess, and mitigate risks related to the M365 environment.
- Develop and maintain a risk management framework for M365.
- Collaborate with stakeholders to prioritize and address risks effectively.
Collaboration & Leadership
- Lead cross-functional teams to implement security, protection, and governance initiatives.
- Provide guidance and mentorship to junior team members.
- Stay updated on the latest M365 features, security trends, and regulatory changes.
Tactical Priorities
- Review and refine the efficacy of current information security & protection controls across M365 data sources. Examine M365 controls which encourage and enforce best practices. Identify and implement quick wins / low-hanging fruit.
- Perform an M365 Security Risk Assessment in collaboration with information security, legal, privacy and risk partners to identify risks and requisite controls, and implement effective processes and technology solutions to automate security controls and governance.
Strategic Objectives
- Develop an M365 Security, Protection & Governance Roadmap, including the evaluation and implementation of effective processes and technology solutions to automate security controls and governance. Implement a monthly forum to govern the efficacy of security controls and address potential / released risks and issues (supported by data, measures, and analytics).
- Azure Information Protection (AIP): Support the development of a plan to implement and operate AIP. This should include supporting the implementation of (a) an MVP to protect confidential information, and (b) the minimum configuration to avoid inappropriate sharing of confidential information externally.
- Information Protection User Education: Support the refinement of training material around current policies, considering the evolution of collaboration and intelligence services to (a) reinforce individual responsibility, and (b) equip users with the knowledge to do the right thing in M365. Support the development of a roadmap around access control and data tagging responsibilities for end users of M365 data sources.
- Zero Trust Security Model: Support the M365* implementation of a Zero Trust Security Model at Swift including (a) prevention, detection, and response, (b) associated policy refinements, (c) user education, (d) data classification, (e) data inventory, and (f) controls and governance.
- Legacy Data Management: Support the definition of requirements for handling of legacy M365 data, including the development of timelines to automatically restrict access, conditional archiving / data removal. Implement associated controls in M365 to enforce requirements.
What will make you successful?
- Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree preferred).
- Professional certifications such as CISSP, CISM, Microsoft Certified: Security, Compliance, and Identity Fundamentals, or equivalent.
- 10+ years of experience in information security, with significant experience in managing M365 environments.
- Proven expertise in M365 security technologies, including Microsoft Defender, Azure AD, Conditional Access, and Information Protection.
- Strong understanding of data protection laws, regulatory compliance frameworks, and governance best practices.
- Excellent leadership, strategic thinking, and communication skills.
- Ability to work effectively with cross-functional teams and manage complex projects.
You may want to reach out to the recruiter for more information via LinkedIn: Victor Ooi, Senior Talent Acquisition.
What we offer
We put you in control of your career
We give you a competitive package
We help you perform at your best
We give you the freedom to be yourself
We give you the freedom to be yourself. We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world. An environment in which everyone’s voice counts and where you can reach your full potential regardless of age, background, culture, colour, disability, gender, nationality, race, religion, or veteran/military status.