M365 Security, Protection & Governance (lead Senior Engineer)

Kuala Lumpur, Malaysia

Job Description


About the Role

The Swift End User Services (EUS) Team is accountable for the strategy, design, delivery and operations of all workplace and workforce productivity and collaboration services. The foundational technologies include Microsoft Windows and M365, with the principal services being (a) end user devices, (b) video and voice services, (c) sharing and collaboration, (d) messaging and directory services, and (e) automation and productivity services.

As we continue to expand our digital footprint and migrate to a Zero Trust Security framework, we are committed to ensuring the highest standards of security, protection, and governance for our Microsoft 365 (M365) environment. We are seeking a highly skilled and experienced professional to lead our M365 Security, Protection & Governance efforts.

The M365 Security, Protection & Governance Lead will be responsible for overseeing the security, compliance, and governance of our Microsoft 365 environment. This role involves developing and implementing strategies to protect data, manage risk, ensure regulatory compliance, and establish governance frameworks. The ideal candidate will have a deep understanding of M365 security technologies, compliance requirements, and best practices for data protection and governance.

For reference, Swift's strategic productivity, collaboration and intelligence services are predominantly delivered through M365, but also include offerings from other vendors. The primary M365 data sources include SharePoint, Teams, Exchange, and OneDrive.

The M365 Security, Protection & Governance (Lead Senior Engineer) will report to the Head, EUS Architecture, Engineering and Security Compliance, and in the interim, to the Head, End User Services.

What to Expect?

Primary Responsibilities

Relationship Management

  • Establish strong relationships with vendors and internal partners (information security & protection, legal, privacy and risk partners) focused toward supporting the ongoing evolution of M365 Information Security, Access, Protection & Governance.
Security Management
  • Develop and implement security policies, procedures, and controls for M365.
  • Monitor and respond to security incidents, vulnerabilities, and threats within the M365 environment.
  • Conduct regular security assessments, audits, and penetration testing in collaboration with information security partners.
  • Collaborate with IT and security teams to design and enforce secure configurations.
Data Protection
  • Implement data loss prevention (DLP) strategies and technologies.
  • Manage encryption, rights management, and data classification solutions.
  • Ensure proper handling of sensitive and confidential information in accordance with data protection laws and regulations.
Compliance & Governance:
  • Establish and maintain compliance with relevant regulations (e.g., GDPR, HIPAA, CCPA).
  • Develop and enforce governance policies for data retention, archiving, and disposal.
  • Create and maintain documentation for compliance audits and reporting.
  • Conduct regular training and awareness programs on compliance and governance.
Risk Management:
  • Identify, assess, and mitigate risks related to the M365 environment.
  • Develop and maintain a risk management framework for M365.
  • Collaborate with stakeholders to prioritize and address risks effectively.
Collaboration & Leadership
  • Lead cross-functional teams to implement security, protection, and governance initiatives.
  • Provide guidance and mentorship to junior team members.
  • Stay updated on the latest M365 features, security trends, and regulatory changes.
Tactical Priorities
  • Review and refine the efficacy of current information security & protection controls across M365 data sources. Examine M365 controls which encourage and enforce best practices. Identify and implement quick wins / low hanging fruit.
  • Perform M365 Security Risk Assessment in collaboration with information security, legal, privacy and risk partners to identify risks and requisite controls, and implement effective processes and technology solutions to automate security controls and automated governance.
Strategic Objectives
  • Develop an M365 Security, Protection & Governance Roadmap, including the evaluation and implementation of effective processes and technology solutions to automate security controls and governance. Implement a monthly forum to govern the efficacy of security controls and address potential / released risks and issues (supported by data, measures, and analytics).
  • Azure Information Protection (AIP): Support the development of a plan to implement and operate AIP. This should include supporting the implementation of (a) an MVP to protect confidential information, and (b) the minimum configuration to avoid inappropriate sharing of confidential information externally.
  • Information Protection User Education: Support the refinement of training material around current policies, considering the evolution of collaboration and intelligence services to (a) reinforce individual responsibility, and (b) equip users with the knowledge to do the right thing in M365. Support the development of a roadmap around access control and data tagging responsibilities for end users of M365 data sources.
  • Zero Trust Security Model: Support the M365* implementation of a Zero Trust Security Model at Swift including (a) prevention, detection, and response, (b) associated policy refinements, (c) user education, (d) data classification, (e) data inventory, and (f) controls and governance.
  • Legacy Data Management: Support the definition of requirements for handling of legacy M365 data, including the development of timelines to automatically restrict access, conditional archiving / data removal. Implement associated controls in M365 to enforce requirements.
What will make you successful?
  • Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
  • Professional certifications such as CISSP, CISM, Microsoft Certified: Security, Compliance, and Identity Fundamentals, or equivalent.
  • 10+ years of experience in information security, with significant experience in managing M365 environments.
  • Proven expertise in M365 security technologies, including Microsoft Defender, Azure AD, Conditional Access, and Information Protection.
  • Strong understanding of data protection laws, regulatory compliance frameworks, and governance best practices.
  • Excellent leadership, strategic thinking, and communication skills.
  • Ability to work effectively with cross-functional teams and manage complex projects.
You may want to reach out to the recruiter for more information via LinkedIn; , Senior Talent Acquisition.

What we offer

We give you the freedom to be yourself. We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world. An environment in which everyone's voice counts and where you can reach your full potential regardless of age, background, culture, colour, disability, gender, nationality, race, religion, or veteran/military status.

SWIFT

Job Detail

  • Job Id
    JD1069201
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, Malaysia
  • Education
    Not mentioned