Microsoft Data Security Consultant

THIS IS A HYBRID ROLE YOU ARE REQUIRED TO BE IN THE OFFICE 3 DAYS A WEEK

TOP SKILLS YOU MUST HAVE:

• data access governance
• data classification
• data labelling
• policy defining
• Microsoft purview
• service-now

Project Overview

The Data Security Consultant will support Project Osprey’s Data Protection & Data Governance program to plan and execute the safe data exception migration and Microsoft sensitivity labeling for existing files and email content being transferred to NewCo. The consultant will provide hands‐on configuration guidance, cross‐team coordination, documentation, and operational readiness deliverables to ensure controlled, auditable, and compliant transfer and labeling of sensitive assets.

Scope of Services

The consultant will perform the following activities:

• Review and update the existing SOW, roadmap, and detailed project plan; document and communicate any scope or schedule changes.
• Kick off and coordinate separation and transfer activities related to Microsoft sensitivity labeling and associated enforcement policies.
• Identify, copy, and catalogue Safe Data Program artifacts (SOPs, knowledge articles, ITForMe content) required for NewCo operations.
• Work with IAM to create/configure Safe Data exception groups for USB, fileshare, and webmail use cases in NewCo.
• Coordinate with ServiceNow to replicate and automate exception intake (individual and bulk), and integrate the intake process with IAM workflows.
• Produce a Safe Data Exception inventory that identifies in‐scope users and maps migration needs for USB, fileshare, and webmail exceptions.
• Collaborate with Security Engineering and End User Services (EUS) to define the recommended methodology for configuring and migrating Microsoft sensitivity labels and enforcement policies (subject to Microsoft technical decisions).
• Deliver detailed project artifacts: workstream project plans, timelines, storyboards, step‐by‐step runbooks, FAQs, and training materials for operational teams.
• Produce regular status reporting (monthly and quarterly), capture stakeholder feedback, and highlight milestones, risks, issues, and opportunities.
• Provide ongoing Data Security consultation and subject‐matter expert support throughout the engagement.

Key Deliverables

• Updated SOW, roadmap, and change log.
• Kickoff briefing and separation/transfer plan for sensitivity labeling.
• Catalog of Safe Data Program artifacts (SOPs, knowledge articles, ITForMe).
• Configured IAM exception groups and documented configuration steps.
• ServiceNow exception intake design and automation specification, with IAM integration.
• Safe Data Exception inventory (CSV/recorded dataset) with migration recommendations.
• Technical approach and recommendation for Microsoft sensitivity label configuration and policy enforcement.
• Workstream project plans, timelines, storyboards, runbooks, training deck, and user FAQs.
• Monthly and quarterly status reports and a final engagement closeout report.

Responsibilities & Coordination

• Consultant: lead technical design, runbooks, documentation, status reporting, and stakeholder coordination.
• Partner with IAM Team: configure exception groups, support integration testing.
• Partner ServiceNow Team: implement intake automation and bulk intake capabilities.
• Partner with MS, Security Engineering & EUS: define and implement label enforcement and migration approach.
• Project Stakeholders / NewCo representatives: provide access to required systems, approve exception inventories, and participate in acceptance testing.

Assumptions

• Microsoft sensitivity label migration approach and enforcement options are available and agreed with Microsoft / Security Engineering prior to execution of large‐scale migrations.
• Necessary access, documentation, and stakeholders from IAM, ServiceNow, Security Engineering, and EUS will be made available in a timely manner.
• Exception intake and IAM integration can be implemented using existing ServiceNow and IAM capabilities or with minor configuration/customization.
• Any third‐party licensing, tooling, or Microsoft professional services required are procured separately and are out of scope unless explicitly added.

Reporting & Governance

• Weekly working sessions with core teams during active workstreams.
• Monthly steering updates and a quarterly executive summary.
• Issue/risk log maintained and escalated according to project governance.

Acceptance Criteria

• Updated SOW/roadmap approved by project sponsor.
• ServiceNow intake and IAM exception groups deployed and demonstrably integrated in a test environment.
• Safe Data Exception inventory validated by stakeholders.
• Sensitivity label configuration approach validated in lab/test and documented.
• Training materials, runbooks, and closeout report delivered and accepted by operational owners.

Qualifications

• Bachelor’s degree in IT, Cybersecurity, Privacy, Law, or a related field, or equivalent practical experience.
• 3–5+ years’ experience in data protection, privacy, or security, with hands‐on experience in secured data protection and sensitivity labeling.
• Practical experience with Microsoft sensitivity labeling technologies (e.g., MS Purview) and endpoint/data protection tooling.
• Strong analytical skills and clear written and verbal communication.
• Demonstrated ability to work across IAM, ServiceNow, Security Engineering, and EUS teams.
• Knowledge of regional data protection considerations relevant to the project.
• Commitment to confidentiality and adherence to NDAs.

Work Environment & Logistics

• Onsite, remote, or hybrid arrangements available as agreed with Project Osprey stakeholders.
• Consultant will coordinate travel and onsite presence with the project manager where required.

HCLTech is an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, color, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, or any other protected classification, in accordance with federal, state, and/or local law. Should any applicant have concerns about discrimination in the hiring process, they should provide a detailed report of those concerns to secure@hcltech.com for investigation.

A candidate’s pay within the range will depend on their work location, skills, experience, education, and other factors permitted by law. This role may also be eligible for performance-based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program; 401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need-based leave with no designated number of leave days per year); and 10 paid holidays per year.

Pay and Benefits Pay Range Minimum: $55per hour

Pay Range Maximum: $70 per hour

Job Types: Full-time, Contract

Pay: $55.00 - $70.00 per hour

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Parental leave
• Vision insurance

Work Location: Hybrid remote in East Brunswick, NJ 08816