Job Description

Key Responsibilities Group Policy Management Manage GPOs to enforce enterprise standards across users, computers, and servers. Maintain GPO versioning, inheritance, and filtering. Align GPO configurations with security benchmarks (e.g., CIS). Document GPO configurations and support internal/external audits. Azure RBAC & Identity Governance Design and implement enterprise-wide RBAC models using least privilege principles. Manage custom roles, built-in roles, role assignments, and deny assignments. Develop and deploy RBAC configurations as code using Terraform. Administer Entra ID conditional access, MFA, and identity protection policies. Maintain audit logs, access reviews, and compliance evidence. Security & Compliance Ensure alignment with organizational security standards and regulatory requirements. Collaborate with security teams to enforce identity and access controls. Support vulnerability assessments and remediation planning. Collaboration & Documentation Work closely with Infrastructure, Security, Application, and Architecture teams. Engage with regional and country IT heads to align engineering solutions with business needs. Maintain documentation for identity configurations, policies, and operational procedures. Mentor junior engineers and contribute to knowledge sharing. Required Experience 12-17 years in technology infrastructure. 6+ years in designing and supporting IT cloud solutions at a global or regional level. Strong experience with Azure identity and access management, GPOs, and RBAC. Technical Skills Deep understanding of: Azure AD (Entra ID), Conditional Access, MFA RBAC models and role management GPO configuration and security alignment Terraform and Infrastructure-as-Code (IaC) Strong communication and documentation skills. Experience with audit readiness and compliance reporting. Certifications (Preferred) Microsoft Certified: Azure Security Engineer Associate Microsoft Certified: Azure Solutions Architect Expert