The role in one sentence
Lead the Microsoft Purview and M365 compliance lane of a 90-day governance engagement that turns a Fortune-class regulated enterprise’s data, DLP, and Copilot exposure surface into a classified, labeled, retained, audited capability — and convert into a PTM Fusion full-time hire on successful delivery.
Why this role exists
Proactive Technology Management (PTM) Fusion has committed to a 90-day governance program for a Fortune-class regulated enterprise client. The program has two delivery lanes running in parallel — Power Platform / Copilot Studio CoE & ALM and Microsoft Purview / M365 Compliance. This posting is for the Purview / M365 lane.
The engagement runs in two phases:
- Phase 1 — Discovery & Assess (30 days). Inventory the client’s M365 information protection posture: existing sensitivity labels, DLP policies, retention framework, audit configuration, classification accuracy, and Copilot AI exposure. Map current state against PTM and Microsoft baselines. Quantify the risk and ROI of remediation. Deliver a prioritized governance backlog.
- Phase 2 — Implement & Govern (60 days). Stand up a label taxonomy and auto-labeling policy. Deploy or tune DLP across Exchange, SharePoint, OneDrive, Teams, and Endpoint. Operationalize retention, records management, and audit. Configure Purview-for-Copilot DSPM-for-AI controls. Wire the whole estate into Azure Monitor and Log Analytics so governance posture is observable, not assumed.
You will work in lockstep with a Power Platform CoE / ALM specialist who owns the Power Platform side. The two lanes share a Solution Architecture Document, a milestone roadmap, and a value metric — so coordination matters.
What you'll deliver
- A complete inventory of existing Purview, DLP, retention, and audit configuration, with a risk-ranked gap analysis against PTM and Microsoft reference architectures.
- A sensitivity label taxonomy the business actually understands, with manual labeling guidance and auto-labeling policies (client-side and service-side) tuned for a low false-positive rate.
- DLP policies across Exchange, SharePoint, OneDrive, Teams, and Endpoint DLP, with explicit incident triage, exception, and override workflows. Coordination with Power Platform DLP through the Power Platform lane.
- A retention label and policy framework covering record categories, disposition review, and litigation-hold posture.
- Microsoft Purview Audit configuration (Standard or Premium tier as scoped), audit log retention, and export pipeline to the client’s downstream SIEM.
- Microsoft Compliance Manager assessment selection, improvement-action plan, and executive reporting cadence.
- Purview for Copilot governance — DSPM-for-AI configuration, sensitivity-aware grounding rules, prompt and response audit, and red-team review of high-exposure agents in coordination with the Power Platform lane.
- Azure Monitor and Log Analytics observability — diagnostic settings on M365 audit and DLP signals, KQL workbooks for label coverage, DLP incident rate, retention drift, and AI prompt-risk indicators, alert rules on policy drift, and an executive dashboard reporting against the value metric agreed during Discovery.
- Solution Architecture Document (SAD), Solution Design Document (SDD), and milestone roadmap authored against PTM templates and reviewed under our Maker-Checker discipline.
Who you are
You can sit with a Chief Information Security Officer at 9 a.m., a records-management lead at 11 a.m., and a SharePoint admin at 2 p.m. — and leave each conversation with the same coherent governance picture in mind. You communicate in plain language to business owners and in precise technical terms to engineers, often in the same meeting.
You believe a label taxonomy is a product, not a deliverable. You measure success in incidents avoided, audits passed, and ROI delivered — not in policies authored.