M365 Security Manager

M365 Security Manager

Information Security & Risk Management (ISRM)

Role Overview

The Manager M365 Security is responsible for the strategic leadership governance engineering and operational security of the firms Microsoft 365 ecosystem. This includes Microsoft Defender suite Purview Compliance & Information Protection Entra ID Exchange Online Protection (EOP) SharePoint/OneDrive security Teams governance Conditional Access secure configuration baselines and M365integrated identity/security controls.

This leader oversees global operations across security compliance identity protection data governance threat detection policy enforcement and M365centric incident response. The role partners extensively with cloud engineering network security SOC legal risk data governance and M365 platform teams to ensure strong alignment between business objectives and security strategy.

Key Responsibilities

1. Strategy & Governance

• Define and execute the enterprise M365 security strategy ensuring alignment with the broader ISRM program (in line with responsibilities described for senior IT security leadership roles).
• Establish and maintain M365 security policies standards and baselines across Entra EOP Defender and Purview compliance controls.
• Continuously evaluate emerging threats Microsoft roadmap changes and regulatory requirements to maintain a strong M365 security posture (referencing ongoing threat research expectations).
• Govern sensitive data protection using Microsoft Purview tools including retention DLP information protection and eDiscovery.

2. M365 Security Engineering & Architecture

• Lead engineering and configuration of Defender for Office 365 Defender for Endpoint Defender for Cloud Apps Defender for Identity and related components.
• Oversee implementation of Conditional Access MFA strategy session controls and identitycentric security aligned with IDP and zero trust best practices (as highlighted in M365 recruitment guidelines).
• Architect secure configurations for Exchange Online SharePoint OneDrive Teams and related platform services with governance alignment.
• Ensure appropriate telemetry integration with SIEM/SOAR systems and cloud security analytics.

3. Operational Management & Incident Response

• Manage M365 threat protection operations including phishing defense malware detection EOP/Defender tuning alert triage and escalation workflows (reflecting real M365 incident operational patterns).
• Lead M365related incident response for credential phishing OAuth misuse compromised mailboxes suspicious Teams activity and data leakage.
• Oversee coordination with external tool vendors MSSPs/MSPs and Microsoft support during major incidents.
• Maintain operational runbooks response workflows and incident documentation.

4. Data Governance & Compliance (Purview)

• Manage global deployment and maintenance of data retention schedules records management legal hold classification and DLP policies in the M365 environment.
• Ensure compliance with ISO 27001 GDPR SOX HIPAA and internal data governance policies through M365native controls.
• Partner with Legal Compliance and Data Governance teams for eDiscovery privacy impact assessments and policy refinement.

5. Identity & Access Security

• Oversee Entra ID security including conditional access identity protection privileged identity management (PIM) and lifecycle governance.
• Ensure alignment with secure access principles such as least privilege continuous access evaluation and device compliance integration.

6. Collaboration & CrossFunctional Engagement

• Work closely with Cloud Engineering SOC Endpoint Security Network Security Data Governance and IT Operations to ensure consistent implementation of M365 security controls.
• Provide guidance for M365 onboarding/integration in M&A activities new business units and cloud modernisation projects.

7. Leadership & Team Management

• Lead and mentor a global team of M365 security engineers analysts and compliance specialists (aligned with expectations for senior managerial roles).
• Develop training and career progression plans to enhance capabilities in M365 security governance and automation.
• Promote a culture of securityfirst thinking within the M365 platform teams.

Required Qualifications

• Bachelors degree in Cybersecurity Information Technology Computer Science or related discipline; Masters preferred.
• 10 years in cybersecurity with deep handson experience in Microsoft 365 security including Defender Purview Entra Exchange Online SharePoint/OneDrive and Teams.
• Strong experience in configuration and administration of M365 compliance tools: Purview Retention Policies DLP Audit Sensitivity Labels.
• Proficient in Conditional Access identity governance email authentication standards (SPF/DKIM/DMARC) and secure collaboration controls (as highlighted in M365 screening criteria).
• Demonstrated leadership in cloud security operations threat defense and incident response.
• Preferred certifications:
  • Microsoft Certified: Cybersecurity Architect (SC100)
  • Microsoft Security Operations Analyst (SC200)
  • Microsoft Information Protection Administrator (SC400)
  • CISSP / CISM or equivalent.

Preferred Qualifications

• Experience managing major M365 incidents crossteam coordination and vendor escalations.
• Familiarity with modern AIbased controls and Copilot security considerations (referencing M365 Copilot readiness discussions).
• Experience with automation using PowerShell KQL Graph API or M365 security center APIs.

• Experience supporting global or multiregion enterprises.

#LI-KS1