Job Description
Location: Nottingham (Hybrid, 2 days/ week in the office)
Role Purpose
We are seeking an experienced Microsoft systems and security professional to enhance IT security across the Group, including Team17, StoryToys and astragon studios.
This role covers Microsoft 365, Entra ID, Intune, Defender, endpoint security, and security tools, and involves developing security governance, standards, risk management, and operational security practices.
This position is well-suited to a Microsoft 365 or Intune specialist seeking to advance into a broader IT Security Manager role.
This role supports Group IT and collaborates closely with IT Operations, Platform Engineering, legal, and external security partners.
Key Responsibilities
Microsoft 365, Identity & Endpoint Management
- Administer, optimise, and secure Microsoft 365 services, including Exchange Online, SharePoint Online, MS Teams, Entra ID, Intune, and Defender and Azure
- Manage identity controls, including MFA, Conditional Access, PIM, RBAC, and access governance.
- Maintain endpoint security baselines, compliance policies, patching, and device configuration standards.
- Act as technical SME for Microsoft cloud, identity, and endpoint technologies.
Security Operations & Tooling
- Own operational engagement with Arctic Wolf and related security partners.
- Support and improve Microsoft Defender across endpoint, identity, email, and cloud workloads.
- Lead vulnerability management, remediation tracking, and security posture improvement.
- Coordinate security incidents, monitoring, escalation, and post-incident reviews.
Security Governance & Risk Management
· Own the security roadmap, risk register, and security improvement plan.
· Define and maintain security standards, policies, and technical baselines.
· Manage cyber insurance, audits, compliance evidence, and supplier security reviews.
· Govern security assets, ensuring ownership, visibility, and lifecycle management of security-relevant systems and endpoints.
· Provide security reporting and ensure risks, exceptions, and remediation actions are tracked.
Identity & Access Governance
- Lead access reviews and privileged access reviews.
- Ensure that least privilege, access control, and segregation of duties are applied.
- Support audit requirements for identity and access management.
Security Architecture & Technology Assurance
- Provide security review and design input for new systems, integrations, and projects.
- Ensure technical solutions align with Group security standards.
- Work with Platform Engineering and IT Operations to improve resilience and operational security.
AI Security & Emerging Technology Governance
- Support the secure adoption, governance, and risk management of AI technologies, including Microsoft Copilot and emerging AI platforms.
Operational Resilience & Security Readiness
- Support business continuity, disaster recovery, and cyber resilience planning.
- Coordinate security tabletop exercises and lessons learned.
Required Experience
- Strong hands-on Microsoft 365 administration, including Exchange Online, SharePoint Online, Teams, Entra ID, Intune, and Defender.
- Microsoft Active Directory (on-prem) and Azure
- Supporting Windows and Mac endpoint environments.
- Implementing security baselines, compliance policies, and endpoint controls.
- Managing identity and access controls, including MFA, Conditional Access, and privileged access.
- Supporting vulnerability management and security remediation.
- Troubleshooting, problem-solving, communication, and stakeholder management skills.
- Collaboration with Legal teams
Advantageous Experience
- Managed SOC services, such as Arctic Wolf.
- Microsoft Purview, DLP, Information Protection, and compliance tooling.
- Cyber insurance, ISO27001, or similar compliance frameworks.
- Gaming, software, technology, or digital entertainment environments.
- Exposure to DevOps / Platform Engineering tools such as Git, Perforce, TeamCity, Terraform, Ansible, Datadog, or AWS.
- Collaboration with the legal team
- Integrations with HR systems for JML purposes
- Mimecast administration
- Halcyon, Exclaimer and Keeper
