Job Description

Company Profile:

Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com.



Position: Associate Consultant- Data Loss Prevention (DLP) Architect


Experience: 8-12 years

Category: Software Development/ Engineering

Shift: General Shift

Location: Bangalore/Hyderabad/Chennai/Pune/Mumbai

Position ID: J0126-0459

Employment Type: Full Time



Education Qualification: Bachelor's degree in computer science or related field or higher with minimum 8 years of relevant experience.



We are seeking a Data Loss Prevention (DLP) Architect with 5+ years of experience to lead the architecture, design, and technical governance of a Microsoft Purview DLP implementation for a large enterprise environment. The scope focuses on enabling unified detection, protection, and control of sensitive data across endpoints and Microsoft 365 workloads, including Office 365, OneDrive, SharePoint, and Microsoft Teams, while validating and optimizing existing email DLP.

You will work in a structured, phased delivery model (assessment design pilot enterprise rollout), collaborating closely with the Project Manager, Compliance Analyst, DLP Engineer, Data Governance Lead, and Trainer. This role is client-facing and requires strong consulting discipline, the ability to translate risk and compliance needs into actionable DLP controls, and the ability to scale policies safely through monitoring, tuning, and enforcement.

Your future duties and responsibilities

1) Architecture & Solution Design

Own the end-to-end DLP architecture using Microsoft Purview, aligned to the client's Microsoft 365, Azure, and Defender ecosystem. Define the DLP policy framework aligned to business data taxonomy/classification, sensitivity labels, and compliance requirements. Produce high-quality consulting deliverables (HLD/LLD, implementation approach, policy design, exception model, test strategy, cutover plan, and operational runbooks).

2) DLP Assessment, Discovery & Requirements

Lead kickoff and discovery workshops with Security, Compliance, Legal, HR, IT, and business stakeholders to clarify objectives, risk appetite, and success criteria. Review existing DLP posture (including current email DLP baseline rules) and assess gaps, overlaps, and improvement opportunities. Support data discovery and classification alignment activities (including leveraging existing foundations created by related information governance initiatives).

3) Policy Engineering, Configuration & Tuning Strategy

Define and guide configuration of Purview DLP policies across M365 workloads and endpoints (monitoring, alerts, user notifications, overrides/justifications, blocking actions). Drive a monitor tune enforce approach. Guide the implementation of classification mechanisms used by DLP:

o sensitivity labels and label behaviors,

o Sensitive Information Types (SITs), including out-of-the-box and (where needed) custom SITs,

o trainable classifiers (where relevant and justified).

4) Workstream Leadership Across "Data In Use / In Transit / At Rest"

Provide technical leadership across parallel DLP workstreams. Ensure consistent control coverage and reporting across endpoints and Microsoft 365 collaboration workloads.

5) Pilot Execution & Enterprise Rollout in Waves

Design and govern a controlled pilot phase (scope, success metrics, stakeholder readiness, feedback loop). Support enterprise rollout in controlled waves/batches (e.g., by Business Unit), ensuring readiness, risk mitigation, and minimal business disruption. Ensure scale-readiness for large endpoint, partnering with engineering teams on prerequisites and onboarding.

6) Alerting, Incident Response & Integration (Security Operations)

Define the DLP alert strategy and operational workflow: Integrate DLP operations with broader security tooling and processes where applicable (e.g., extending incidents/alerts into broader incident management platforms and dashboards).

7) Adoption, Training Enablement & Aftercare

Partner with the Trainer and Service Desk stakeholders to ensure:

o service desk readiness for incident triage and user support,

o end-user enablement (including microlearning approaches embedded into M365 user experience),

o clear user messaging that balances security and productivity.

Lead aftercare and optimization post go-live:

o evaluate initial configuration effectiveness,

o refine policies/labels,

o validate and expand blocking rules,

o drive measurable improvements in signal quality and policy adoption.

Contribute to optional transition pathways toward managed DLP operations (continuous monitoring and policy optimization).

Required qualifications to be successful in this role

Must have Skills-



5+ years of experience in information protection, data security, DLP, compliance security, or security architecture. Strong hands-on expertise designing and implementing Microsoft Purview DLP across Microsoft 365 workloads (Exchange/Email, SharePoint, OneDrive, Teams) and endpoints. Proven experience designing DLP policies aligned to:

o sensitive data types and classification,

o business process risk,

o regulatory/compliance requirements and internal controls.

Strong understanding of policy lifecycle: requirements design monitoring tuning enforcement operations/continuous improvement. Technical proficiency with relevant Microsoft security/compliance tooling, including:

o Microsoft Purview compliance portal / M365 Compliance capabilities,

o PowerShell for configuration/administration and reporting support,

o endpoint and device management concepts (e.g., Intune-based deployment readiness).

Strong stakeholder management and consulting delivery skills:

o workshop facilitation,

o clear written documentation,

o executive-ready communication,

o ability to work across global teams and client environments.



Strong Advantage (Preferred)

Microsoft security/compliance certifications (e.g., SC-400, SC-100, SC-200, AZ-500) or equivalent proven experience. Experience integrating DLP operations into broader SOC processes and dashboards (e.g., Sentinel and/or Microsoft Defender incident workflows). Experience with adjacent Microsoft Purview capabilities such as Insider Risk Management, Data Lifecycle Management/Retention, Records Management, and eDiscovery (where relevant to the operating model). Experience implementing DLP at enterprise scale (multi-country / multi-business unit rollouts; large endpoint estates). Familiarity with regulatory frameworks and privacy requirements relevant to global organizations (e.g., GDPR and other regional data protection obligations). Experience introducing automation for triage/reporting (e.g., Power Automate) and operational reporting (e.g., Power BI).

Together, as owners, let's turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because...



You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.



Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.



You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.




Come join our team--one of the largest IT and business consulting services firms in the world.