Purview Product Owner

About The Position

Requirements

• 5+ years of experience in Microsoft 365 Security & Compliance, with 3+ years focused on Purview capabilities.
• Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience).
• Expertise in Information Protection, Data Lifecycle Management, DLP (including Endpoint DLP), and Insider Risk Management.
• Proficiency with Microsoft Entra ID RBAC/PIM, Graph API, PowerShell automation, and SIEM integrations.
• Strong understanding of compliance boundaries, multi-geo architecture, and regulatory frameworks (GDPR, HIPAA, PCI).
• Experience designing controls for AI usage, including governance for sensitive data in AI models and mitigating risks of data leakage or overexposure.

Nice To Haves

• Enterprise architecture and technical leadership.
• Risk-based decision making and governance maturity.
• Stakeholder engagement and executive communication.
• Change management and adoption strategy.
• Automation and integration mindset (PowerShell, Graph, CI/CD).
• Awareness of AI compliance and data protection strategies.

Responsibilities

• Define multi-year Purview capability roadmap aligned to enterprise compliance objectives.
• Architect auto-labeling solutions using trainable classifiers, sensitive info types, and adaptive scopes.
• Design and implement automated retention policies and defensible disposition workflows.
• Deploy tiered DLP policies across M365 and endpoints; integrate Insider Risk Management controls.
• Integrate telemetry into Microsoft Sentinel or similar SIEM systems and automate policy lifecycle via PowerShell and Graph API.
• Establish governance, change management, and stakeholder engagement processes for compliance controls.
• Monitor new Microsoft Purview features monthly, specifically assessing their relevance to YUM’s M365 tenant in alignment with data protection policies.
• Implement purview features across M365 including Fabric components.
• Develop and implement Purview controls to govern AI usage globally, ensuring sensitive data is protected and reducing risk of data exfiltration or overexposure in AI workflows.