Microsoft Security Architect Manager

KPMG has had a presence in Qatar for nearly 47 years We opened for business in Qatar in 1977 and are now one of the largest and most prestigious professional services firms in the country KPMG in Qatar employs over 350 professional staff and partners We recruit the best and brightest from around the world and currently employ 28 nationalities For our clients this means we provide Audit Tax and Advisory services locally drawing on the latest thinking and best practice from around the world Business Unit Overview KPMG s Advisory practice is one of the largest Advisory businesses worldwide and the major growth area for our organization Our services are focused on Finance Function and we work with clients in identifying and tackling their challenges in Growth Governance and Performance Our Advisory teams support businesses as they restructure and expand whether organically or by acquisition We help them to become more efficient and provide support as they adapt to the challenges posed by a rapidly changing business environment Role Overview The Microsoft Security Architect will lead the assessment design and governance of the client s Microsoft security architecture ensuring alignment with the client s IT environment security frameworks and applicable regulatory requirements The role focuses on assessing current state in alignment with Qatar Reference Architecture and defining gaps and devising remediation and delivering a secure targetstate across Microsoft Purview Microsoft Entra Identity Access Microsoft Defender Endpoint Device Microsoft Sentinel SIEM SOAR or Azure security translating security requirements into implementable designs policies and technical controls Primary Job Responsibilities Accountabilities 1 Assess Microsoft Security Posture Review current security configuration and gaps across Azure including EntraID PIM Purview Entra Priva CoPilot Defender suite of products and Sentinel etc Document risks misconfigurations and prioritized improvement actions 2 Design TargetState Security Architecture Define endtoend security architecture aligned to ZeroTrust Architecture ZTA for relevant environments Produce required blueprints design artifacts e g HLD LLD standards configuration baselines Produce security patterns to be adopted for securebydesign adoption 3 Define Security Requirements Compliance Mapping Define Implement published policies Corporate ConditionalAccessPolicies into azure policies and policy initiatives and establish blueprints Activate monitoring of compliance using compliance manager and activate within Defender for cloud and ensure continuous compliance monitoring Translate business and regulatory needs into clear security requirements and a compliance matrix mapped to Microsoft controls Ensure coverage of access control logging monitoring data protection encryption retention and DR BC 4 Govern Implementation Operational Readiness Act as design authority during delivery validating secure implementation and integration across the Microsoft stack Support SOC readiness for Sentinel Defender including use cases automation and handover documentation 5 Stakeholder Engagement Reporting Lead workshops present design decisions and risks and deliver concise reports and a phased security roadmap Qualification and Experience Bachelor s degree in Computer Science Cybersecurity Information Systems or a related discipline 10 years of cybersecurity experience including strong handson and architecture leadership across Microsoft security solutions Proven experience designing and securing environments using o Microsoft Purview o Microsoft Priva o Microsoft Compliance Manager o Microsoft Entra Identity Access Security o Microsoft Defender Suite Cloud Server Identity Container etc o ARC o Microsoft Sentinel o Azure security architecture and governance Strong capabilities in security architecture control design risk assessment documentation and governance Experience working with compliance frameworks and audit evidence requirements industry and or local regulations as applicable Certifications Strongly Preferred o SC100 Microsoft Cybersecurity Architect preferred mandatory o SABSA TOGAF o SC200 Security Operations Analyst o SC300 Identity and Access Administrator o SC401 Information Security Administrator o AZ500 Azure Security Engineer Associate