We are seeking a skilled Microsoft 365 Security Administrator or IAM Specialist to lead a security enhancement project within the CMS network. The role focuses on designing and implementing conditional access policies, identity governance, and security best practices across Microsoft 365, ensuring only authorized and compliant access to corporate systems.

Key Responsibilities:

1. Identity & Access Management

• Perform a comprehensive cleanup of existing users:
  

  • Identify and disable/delete inactive or former users based on a predefined list.
    

  • Ensure only current employees have active access.
    

• Design and configure security groups to manage tiered access:
  

  • Admins (with tailored conditional access policies)
    

  • Standard Users
    

  • High-Risk Users (with additional security policies)
    

  • Location-specific users
    

• Implement location-specific access control policies:
  

  • Full app and web access for users in Ireland and India
    

  • Web-only access for other regions (with an exception group)
    

  • Block access from China and Russia
    

  • Define trusted locations based on IP ranges
    

2. Conditional Access Configuration

• Enforce conditional access rules for desktop apps to allow usage only from compliant (managed) devices
  

• Create exception groups for legitimate non-compliant access as needed
  

• Block offline access to OneDrive and SharePoint to prevent data leakage
  

3. Multi-Factor Authentication (MFA)

• Enforce MFA for all users across the organization
  

• Ensure all sign-ins meet security compliance policies
  

4. Emergency Access & Admin Roles

• Create and configure break-glass accounts for emergency access scenarios
  

• Review and optimize admin role assignments to follow least-privilege principles
  

5. Microsoft Purview (Compliance & DLP)

• Ensure Microsoft Purview is configured correctly:
  

  • Information protection
    

  • Data loss prevention
    

  • Insider risk management
    

  • Audit and compliance configurations
    

Required Skills and Experience:

• Proven experience with Microsoft 365 Security & Compliance tools
  

• Strong understanding of Azure Active Directory, conditional access policies, and identity governance
  

• Hands-on experience with:
  

  • Microsoft Intune (for device compliance)
    

  • Microsoft Defender, Purview, OneDrive, and SharePoint
    

  • Creating and managing security groups and roles
    

  • Multi-Factor Authentication (MFA) configuration
    

  • IP-based access policies and location-based controls
    

• Familiarity with Zero Trust security models and best practices
  

• Experience working with sensitive data environments or regulated industries is a plus
  

Requirements

Certifications (Preferred):

• Microsoft Certified: Identity and Access Administrator Associate
  

• Microsoft Certified: Security Administrator Associate
  

• CompTIA Security+ or equivalent security-focused certifications
  

Soft Skills:

• Strong communication and documentation skills
  

• Ability to collaborate across security, IT, and compliance teams
  

• Structured approach to problem solving and policy implementation