Description :

Role Overview :

We are seeking a Security Architect and IAM Engineer to implement and validate security controls for the Data Normalisation Project, ensuring secure data access, governance, and compliance across Microsoft Fabric, Purview, PowerBI, and Azure platforms.

This role focuses on role-based access, information protection, and DLP implementation for a large-scale data harmonisation initiative currently in discovery phase transitioning to full business case implementation.

Key Responsibilities :

Security Architecture & IAM Implementation :

- Implement and validate role group asset mappings using OneSecurity/Entra ID and Fabric security models.

- Document shortcut inheritance behavior and interplay between Row-Level Security (RLS) and Column-Level Security (CLS).

- Develop and deliver repeatable access test packs (permit/deny scenarios) with audit-proof evidence.

Information Protection & DLP :

- Define and implement sensitivity label taxonomy with default, auto-apply, and inheritance patterns.

- Configure DLP policies for Fabric egress paths to prevent sensitive data exfiltration.

- Establish audit-proof test evidence procedures for compliance validation.

Technical Delivery & Governance :

- Support technical design execution including success criteria, KPIs, governance framework, and tool selection.

- Contribute to work package delivery, team composition planning, NFRs definition, and operationalisation roadmap.

- Implement access management framework aligned with project security requirements.

Required Technical Expertise :

Core Platforms :

- Microsoft Fabric (security model, workspace governance, item-level permissions).

- Microsoft Purview (data governance, sensitivity labels, DLP policies).

- PowerBI (RLS/CLS implementation, embedding security).

- Azure/Entra ID (OneSecurity, role-based access, group management).

- ServiceNow (IAM workflows, access requests).

Data Tools :

- DBT (data transformation security, lineage protection).

Security & Compliance :

- Role based access control (RBAC) at enterprise scale.

- Sensitivity labeling strategies and inheritance patterns.

- DLP configuration for cloud data platforms.

- RLS/CLS implementation and testing methodologies.

Required Experience :

- 5+ years in Security Architecture and IAM Engineering for cloud data platforms.

- Proven experience implementing governance and access models at scale.

- Hands on delivery of OneSecurity mappings, sensitivity labels, and DLP policies.

- Experience with Microsoft Fabric security model and Fabric-Purview integration.

Nice to Have Skills :

- AI-assisted security tooling for governance automation and access modeling.

- Experience with complex shortcut inheritance patterns in Fabric workspaces.

- Audit and compliance frameworks for regulated industries.

Project Context :

- Data Normalisation Project : Streamlining data across systems with approved target architecture, data privacy assessment, and recommended schema.

- Tech Stack : Microsoft Fabric, Purview, PowerBI, Azure, EntraID/ServiceNow, DBT.

- Current Phase : Discovery (Grid Dynamics support) Full business case implementation.

- Deliverables : Technical roadmap, governance framework, access management, security validation.

- This role requires deep Microsoft Fabric security expertise combined with practical IAM implementation experience to ensure secure, compliant data platform delivery at enterprise scale.