Description
M365 Security Manager
Information Security & Risk Management (ISRM)
Role Overview
The Manager – M365 Security is responsible for the strategic leadership, governance, engineering, and operational security of the firm's Microsoft 365 ecosystem. This includes Microsoft Defender suite, Purview Compliance & Information Protection, Entra ID, Exchange Online Protection (EOP), SharePoint/OneDrive security, Teams governance, Conditional Access, secure configuration baselines, and M365‑integrated identity/security controls.
This leader oversees global operations across security, compliance, identity protection, data governance, threat detection, policy enforcement, and M365‑centric incident response. The role partners extensively with cloud engineering, network security, SOC, legal, risk, data governance, and M365 platform teams to ensure strong alignment between business objectives and security strategy.
Key Responsibilities
1. Strategy & Governance
* Define and execute the enterprise M365 security strategy, ensuring alignment with the broader ISRM program (in line with responsibilities described for senior IT security leadership roles).
* Establish and maintain M365 security policies, standards, and baselines across Entra, EOP, Defender, and Purview compliance controls.
* Continuously evaluate emerging threats, Microsoft roadmap changes, and regulatory requirements to maintain a strong M365 security posture (referencing ongoing threat research expectations).
* Govern sensitive data protection using Microsoft Purview tools, including retention, DLP, information protection, and eDiscovery.
2. M365 Security Engineering & Architecture
* Lead engineering and configuration of Defender for Office 365, Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and related components.
* Oversee implementation of Conditional Access, MFA strategy, session controls, and identity‑centric security aligned with IDP and zero trust best practices (as highlighted in M365 recruitment guidelines).
* Architect secure configurations for Exchange Online, SharePoint, OneDrive, Teams, and related platform services with governance alignment.
* Ensure appropriate telemetry integration with SIEM/SOAR systems and cloud security analytics.
3. Operational Management & Incident Response
* Manage M365 threat protection operations, including phishing defense, malware detection, EOP/Defender tuning, alert triage, and escalation workflows (reflecting real M365 incident operational patterns).
* Lead M365‑related incident response for credential phishing, OAuth misuse, compromised mailboxes, suspicious Teams activity, and data leakage.
* Oversee coordination with external tool vendors, MSSPs/MSPs, and Microsoft support during major incidents.
* Maintain operational runbooks, response workflows, and incident documentation.
4. Data Governance & Compliance (Purview)
* Manage global deployment and maintenance of data retention schedules, records management, legal hold, classification, and DLP policies in the M365 environment.
* Ensure compliance with ISO 27001, GDPR, SOX, HIPAA, and internal data governance policies through M365‑native controls.
* Partner with Legal, Compliance, and Data Governance teams for eDiscovery, privacy impact assessments, and policy refinement.
5. Identity & Access Security
* Oversee Entra ID security, including conditional access, identity protection, privileged identity management (PIM), and lifecycle governance.
* Ensure alignment with secure access principles such as least privilege, continuous access evaluation, and device compliance integration.
6. Collaboration & Cross‑Functional Engagement
* Work closely with Cloud Engineering, SOC, Endpoint Security, Network Security, Data Governance, and IT Operations to ensure consistent implementation of M365 security controls.
* Provide guidance for M365 onboarding/integration in M&A activities, new business units, and cloud modernisation projects.
7. Leadership & Team Management
* Lead and mentor a global team of M365 security engineers, analysts, and compliance specialists (aligned with expectations for senior managerial roles).
* Develop training and career progression plans to enhance capabilities in M365 security, governance, and automation.
* Promote a culture of security‑first thinking within the M365 platform teams.
Required Qualifications
* Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline; Master's preferred.
* 10+ years in cybersecurity with deep, hands‑on experience in Microsoft 365 security including Defender, Purview, Entra, Exchange Online, SharePoint/OneDrive, and Teams.
* Strong experience in configuration and administration of M365 compliance tools: Purview, Retention Policies, DLP, Audit, Sensitivity Labels.
* Proficient in Conditional Access, identity governance, email authentication standards (SPF/DKIM/DMARC), and secure collaboration controls (as highlighted in M365 screening criteria).
* Demonstrated leadership in cloud security operations, threat defense, and incident response.
* Preferred certifications:
o Microsoft Certified: Cybersecurity Architect (SC‑100)
o Microsoft Security Operations Analyst (SC‑200)
o Microsoft Information Protection Administrator (SC‑400)
o CISSP / CISM or equivalent.
Preferred Qualifications
* Experience managing major M365 incidents, cross‑team coordination, and vendor escalations.
* Familiarity with modern AI‑based controls and Copilot security considerations (referencing M365 Copilot readiness discussions).
* Experience with automation using PowerShell, KQL, Graph API, or M365 security center APIs.
* Experience supporting global or multi‑region enterprises.
#LI-KS1