We are seeking a Data Loss Prevention (DLP) Architect with 5 years of experience to lead the architecture design and technical governance of a Microsoft Purview DLP implementation for a large enterprise environment. The scope focuses on enabling unified detection, protection, and control of sensitive data across endpoints and Microsoft 365 workloads, including Office 365, OneDrive, SharePoint, and Microsoft Teams, while validating and optimizing existing email DLP.
You will work in a structured, phased delivery model (assessment, design, pilot, enterprise rollout), collaborating closely with the Project Manager, Compliance Analyst, DLP Engineer, Data Governance Lead, and Trainer. This role is client-facing and requires strong consulting discipline, the ability to translate risk and compliance needs into actionable DLP controls, and the ability to scale policies safely through monitoring, tuning, and enforcement.
Key Responsibilities
1) Architecture & Solution Design
Own the end-to-end DLP architecture using Microsoft Purview, aligned to the client's Microsoft 365, Azure, and Defender ecosystem.
Define the DLP policy framework aligned to business data taxonomy/classification, sensitivity labels, and compliance requirements.
Produce high-quality consulting deliverables (HLD/LLD, implementation approach, policy design, exception model, test strategy, cutover plan, and operational runbooks).
2) DLP Assessment, Discovery & Requirements
Lead kickoff and discovery workshops with Security, Compliance, Legal, HR, IT, and business stakeholders to clarify objectives, risk appetite, and success criteria.
Review existing DLP posture (including current email DLP baseline rules) and assess gaps, overlaps, and improvement opportunities.
Support data discovery and classification alignment activities (including leveraging existing foundations created by related information governance initiatives).
3) Policy Engineering, Configuration & Tuning Strategy
Define and guide configuration of Purview DLP policies across M365 workloads and endpoints (monitoring, alerts, user notifications, overrides/justifications, blocking actions).
Drive a monitor, tune, enforce approach:
- Start in monitoring/audit mode to validate detections and reduce false positives.
- Tune rule conditions, thresholds, exclusions, and user experience prompts.
- Progressively enable blocking/enforcement for high-confidence scenarios.
Guide the implementation of classification mechanisms used by DLP:
- Sensitivity labels and label behaviors
- Sensitive Information Types (SITs), including out-of-the-box and (where needed) custom SITs
- Trainable classifiers (where relevant and justified).
4) Workstream Leadership Across Data In Use / In Transit / At Rest
Provide technical leadership across parallel DLP workstreams:
- Data in use (endpoint/user actions)
- Data in transit (sharing/exfiltration scenarios)
- Data at rest alignment (policy tuning based on discovery/classification outputs and stored content visibility).
Ensure consistent control coverage and reporting across endpoints and Microsoft 365 collaboration workloads.
5) Pilot Execution & Enterprise Rollout in Waves
Design and govern a controlled pilot phase (scope, success metrics, stakeholder readiness, feedback loop).
Support enterprise rollout in controlled waves/batches (e.g. by Business Unit), ensuring readiness, risk mitigation, and minimal business disruption.
Ensure scale-readiness for large endpoint populations (e.g. 10,000 endpoints), partnering with engineering teams on prerequisites and onboarding.
6) Alerting, Incident Response & Integration (Security Operations)
Define the DLP alert strategy and operational workflow:
- alert severity and triage model
- evidence requirements
- escalation paths and resolution SLAs
- reporting and governance cadence.
Integrate DLP operations with broader security tooling and processes where applicable (e.g. extending incidents/alerts into broader incident management platforms and dashboards).
7) Adoption, Training, Enablement & Aftercare
Partner with the Trainer and Service Desk stakeholders to ensure:
- service desk readiness for incident triage and user support
- end-user enablement (including microlearning approaches embedded into M365 user experience)
- clear user messaging that balances security and productivity.
Lead aftercare and optimization post go-live:
- evaluate initial configuration effectiveness
- refine policies/labels
- validate and expand blocking rules
- drive measurable improvements in signal quality and policy adoption.
Contribute to optional transition pathways toward managed DLP operations (continuous monitoring and policy optimization).
5 years of experience in information protection, data security, DLP, compliance security, or security architecture.
Strong hands-on expertise designing and implementing Microsoft Purview DLP across Microsoft 365 workloads (Exchange/Email, SharePoint, OneDrive, Teams) and endpoints.
Proven experience designing DLP policies aligned to:
- sensitive data types and classification
- business process risk
- regulatory/compliance requirements and internal controls.
Strong understanding of policy lifecycle: requirements, design, monitoring, tuning, enforcement, operations/continuous improvement.
Technical proficiency with relevant Microsoft security/compliance tooling, including:
- Microsoft Purview compliance portal / M365 Compliance capabilities
- PowerShell for configuration/administration and reporting support
- endpoint and device management concepts (e.g. Intune-based deployment readiness).
Strong stakeholder management and consulting delivery skills:
- workshop facilitation
- clear written documentation
- executive-ready communication
- ability to work across global teams and client environments.
Strong Advantage (Preferred):
Microsoft security/compliance certifications (e.g. SC-400, SC-100, SC-200, AZ-500) or equivalent proven experience.
Experience integrating DLP operations into broader SOC processes and dashboards (e.g. Sentinel and/or Microsoft Defender incident workflows).
Experience with adjacent Microsoft Purview capabilities such as Insider Risk Management, Data Lifecycle Management/Retention, Records Management, and eDiscovery (where relevant to the operating model).
Experience implementing DLP at enterprise scale (multi-country / multi-business unit rollouts; large endpoint estates).
Familiarity with regulatory frameworks and privacy requirements relevant to global organizations (e.g. GDPR and other regional data protection obligations).
Experience introducing automation for triage/reporting (e.g. Power Automate) and operational reporting (e.g. Power BI).
Success Profile at CGI:
Client-first mindset with the ability to operate as a trusted advisor in complex security and compliance environments.
Strong collaboration across roles (PM, engineering, compliance, governance, training) with clear ownership and follow-through.
Pragmatic, risk-based approach: delivers meaningful protection while minimizing business disruption.
High standards of consulting professionalism: structured documentation, repeatable methods, clear governance, and measurable outcomes.
Continuous improvement orientation: uses telemetry, incidents, and feedback to refine policies and improve signal quality over time.
Resilient and adaptable in fast-paced delivery environments with multiple stakeholders and evolving requirements.
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect, and belonging. Here, you'll reach your full potential because:
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team, one of the largest IT and business consulting services firms in the world.
Required Experience:
Staff IC
The COMPANY is one of the few end-to-end consulting firms with the scale, reach, capabilities and commitment to meet clients’ enterprise digital transformation needs. Our 77,500 consultants and professionals work side-by-side with clients in 10 industries across more than 400 location ...