Microsoft Compliance / Purview Consultant
Location
Austria
Posted
2 days ago
Salary
€100K / year
Seniority
Mid Level
No structured requirement data.
Job Description
Microsoft Compliance / Purview Consultant
DL Remote
Role Description Wir besetzen aktuell eine Rolle als Microsoft Compliance / Purview Consultant (m/w/d) bei einem stark wachsenden IT-Beratungshaus, das sich unter anderem auf innovative Microsoft Lösungen spezialisiert hat. In dieser Position setzt du Projekte bei unterschiedlichen Kunden um, berätst und führst Workshops zu Themen mit Microsoft Compliance und/oder Azure Purview Fokus durch. - Biete umfassende Fachberatung für unsere Kunden im Bereich Microsoft Compliance-Lösungen (u. a. Purview, DLP, IRM, Records Management, Advanced eDiscovery, Audit, Communication Compliance, Information Protection) - Entwickle, gestalte und implementiere robuste Compliance-Lösungen speziell für Enterprise-Architekturen. - Führe Workshops und gezielte Schulungen für Endanwender und technische Fachkräfte durch. - Leiste technische Unterstützung bei komplexen Fragestellungen und erarbeite effektive Lösungsansätze. - Erstelle präzise und detaillierte technische Dokumentationen sowie strategische Konzepte. - Gestalte aktiv die Weiterentwicklung unseres Compliance-Portfolios und der internen Expertise mit. Qualifications - Mehrjährige Berufserfahrung als Microsoft Experte mit Fokus auf Microsoft 365 Lösungen. - Fundierte Erfahrungen mit Microsoft Compliance und/oder Azure Purview Komponenten. - Praktische Kenntnisse der Microsoft O365-Dienste wie Exchange Online, SharePoint, Teams und OneDrive. - Sicheres Verständnis des Datenschutzrechts, insbesondere der EU-DSGVO. - Grundlegendes Verständnis von Entra ID (ehemals Azure AD), speziell im Bereich Identity & Governance. - Erfahrung mit weiteren Microsoft Security- und Compliance-Diensten (z. B. Microsoft Defender, eDiscovery, Insider Risk Management, Audit Logs). - Sehr gute Deutschkenntnisse (C1) und gute Englischkenntnisse (B2). - Ausgeprägte analytische und konzeptionelle Fähigkeiten sowie Kommunikationsstärke. Requirements - In dieser Rolle kannst du fully remote innerhalb Österreich arbeiten. - Solltest Du für diese Rolle umziehen oder reisen, dann werden Deine Relocation bzw. Reisekosten natürlich übernommen. Benefits - Attraktives Gehaltspaket bis zu 100.000€ plus Bonus. - Firmenfahrzeug ab dem 3. Monat, auch zur privaten Nutzung. - Möglichkeit zum Bike-Leasing für ein topmodernes Firmenrad. - Option auf eine 4-Tage-Woche für optimale Work-Life-Balance. - Sportzuschuss für Fitnessstudios, Alpenverein oder Sportvereine. - Ein flexibler Remote-Setup mit hoher individueller Freiheit und Mitarbeiterzufriedenheit (Kununu). Next Steps Wenn Du Dich hier bewirbst, dann schicken wir Dir zusätzliche Infos zum Unternehmen, zur Rolle und zum Gehalt, um Deinen Entscheidungsprozess zu unterstützen. Wenn Du weiterhin interessiert bist, laden wir Dich zu einem ersten Gespräch ein.
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
Compliance and Risk Manager
HexionHexion is a global manufacturer of thermoset resins and specialty products for a broad range of industrial and consumer markets. The company, formerly known as
Title: Compliance and Risk Manager - US Remote Location: Columbus, OH, US Department: Corporate Job Description: Company Overview Hexion is a global leader in specialty chemicals, delivering innovative solutions that improve performance, sustainability, and efficiency across industries. Our manufacturing operations span multiple continents, integrating complex Operational Technology (OT) environments with enterprise IT systems. As regulatory expectations and cyber risk continue to evolve, Hexion is investing in a mature Governance, Risk, and Compliance (GRC) function to protect our business, our customers, and the integrity of our operations. The Compliance and Risk Manager is a critical role in that function — translating regulatory requirements into operational controls and ensuring that risk is measured, managed, and communicated with rigor. Position Overview The Compliance and Risk Manager is a senior practitioner responsible for designing, implementing, and continuously improving Hexion's information security compliance and enterprise risk management programs. This role requires deep expertise across ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, CIS Controls (Levels 1 and 2), and NIST 800-53, with a clear ability to map controls across frameworks and translate requirements into practical, auditable processes. This role ensures: - Hexion maintains certification and audit readiness across all applicable compliance frameworks - Enterprise risk is identified, assessed, tracked, and reported with a consistent, repeatable methodology - Controls are operationalized — not just documented — across IT and OT environments - Compliance obligations in manufacturing and OT contexts are understood and addressed - Security and risk posture is communicated clearly to executive leadership and the Board This is a practitioner's role. The ideal candidate has spent years in the field — conducting audits, writing controls, managing risk registers, and preparing organizations for certification. They bring the authority of deep experience, the discipline of a compliance professional, and the judgment of a senior risk advisor. Work Environment & Travel - This is a remote-first position with periodic travel to Hexion manufacturing facilities, partner locations, and auditor or certification body engagements as required (~10–15%). One-Line Summary - Own Hexion's compliance and risk management programs across ISO 27001/17/18, SOC 2, CIS Controls, and NIST — ensuring that controls are real, risks are measured, and the organization is audit-ready every day of the year. Job Responsibilities 1. Compliance Program Management (ISO 27001 / 27017 / 27018) Own Hexion's ISO 27001 Information Security Management System (ISMS) and related cloud-specific extensions: - Maintain ISO 27001 certification — manage the full audit lifecycle including internal audits, surveillance audits, and recertification, leveraging ISO 27002. - Apply ISO 27017 controls cloud service security, governing Hexion's obligations as both a cloud service customer and, where applicable, a cloud service provider - Implement ISO 27018 controls for protection of personally identifiable information (PII) in cloud environments - Manage the Statement of Applicability (SoA), control selection rationale, and exceptions register - Drive continuous improvement of the ISMS through management review cycles, nonconformity tracking, and corrective action management - Coordinate with external certification bodies, manage audit evidence packages, and facilitate auditor access 2. SOC 2 Type II Program Lead Hexion's SOC 2 compliance program across all applicable Trust Services Criteria: - Define and maintain SOC 2 control mapping across Security, Availability, Confidentiality, Processing Integrity, and Privacy categories - Manage common controls library — identify controls that satisfy multiple frameworks simultaneously to reduce compliance overhead - Coordinate readiness assessments and work with external auditors throughout the Type II observation period - Oversee evidence collection workflows, vendor attestation, and control testing documentation - Track and resolve audit exceptions and management responses - Communicate SOC 2 report status to customers and prospects in coordination with sales and legal 3. CIS Controls Implementation (Levels 1 and 2) Operationalize the CIS Controls as the enterprise's security baseline framework: - Maintain the CIS Controls implementation roadmap, tracking adoption across all 18 control families - Prioritize and govern IG1 (basic cyber hygiene) and IG2 (foundational) controls across IT and OT environments - Partner with security engineering to implement and validate technical controls mapped to CIS safeguards - Measure and report CIS Controls maturity using CIS CSAT or equivalent tooling - Use CIS Controls as a practical lens for remediation prioritization and risk reduction sequencing Additional Job Responsibilities 4. NIST 800-53 & Enterprise Risk Framework Maintain fluency in NIST 800-53 and apply it to enterprise risk governance: - Map organizational controls to NIST 800-53 control families to support federal customer requirements, supply chain diligence, and internal governance - Leverage NIST 800-53 as a reference framework for control gap analysis and risk treatment prioritization - Apply NIST Risk Management Framework (RMF) concepts to information system authorization and risk acceptance decisions - Maintain control crosswalks across ISO 27001, SOC 2, CIS Controls, NIST 800-53, and NIST CSF to reduce duplicated effort and provide unified risk visibility and leverage ISO 27005 risk framework. 5. Controls Design, Testing & Assurance Own the internal controls assurance program: - Design, document, and maintain the enterprise controls library — mapping each control to owning team, testing frequency, and framework coverage - Execute and manage the internal control testing calendar, coordinating evidence collection with control owners across IT, OT, and business functions - Identify control deficiencies, document findings, and drive remediation to closure with defined timelines - Develop control self-assessment (CSA) programs to extend assurance coverage without reliance solely on external audits - Implement GRC tooling to automate evidence collection, control monitoring, and reporting (e.g., ServiceNow GRC, OneTrust, Drata, Vanta) 6. Policy & Standards Governance Maintain the policy architecture that underpins the compliance program: - Own the information security policy library — drafting, reviewing, publishing, and retiring policies on a defined lifecycle cadence - Ensure policies are mapped to applicable control frameworks and regulatory requirements - Manage policy exception process — intake, risk assessment, approval, and time-bound tracking - Coordinate policy acknowledgment and awareness campaigns with HR and business unit leadership Competencies - Framework fluency — you can navigate ISO 27001, SOC 2, CIS Controls, and NIST without needing to look up the basics - Controls precision — you write controls that are specific, testable, and defensible under audit scrutiny - Risk judgment — you distinguish material risk from noise and help leadership make informed decisions, not just consume reports - Operational credibility — you understand how manufacturing and OT environments work and design compliance requirements that are implementable on the plant floor - Stakeholder influence — you earn trust with engineering, legal, finance, and operations by being practical, clear, and consistent - Audit readiness — you maintain an organization's readiness posture year-round, not in a scramble before the auditor arrives Leadership Expectations - Serve as the enterprise subject matter expert on information security compliance, risk management, and control frameworks - Build a compliance culture that is embedded in business processes — not bolted on at audit time - Influence cross-functional partners without direct authority — driving accountability for controls across teams that do not report to security - Translate complex regulatory requirements into plain-language business guidance that operational leaders can act on - Represent compliance and risk in vendor evaluations, M&A due diligence, and enterprise architecture discussions - Maintain credibility that comes only from experience — auditors, regulators, and business leaders alike should view this role as the authority on Hexion's compliance posture Minimum Qualifications - Bachelor's degree in Information Security, Computer Science, Business Administration, or related field (Master's preferred) - 7+ years of progressive experience in information security compliance, GRC, or risk management roles - Demonstrated, hands-on experience managing ISO 27001 certification programs — including internal audits, SoA management, and external audit coordination - Deep knowledge of ISO 27017 and ISO 27018 cloud security and privacy controls - Practical SOC 2 Type II experience — control design, evidence collection, auditor management, and exception resolution - Proficiency with CIS Controls (IG1 and IG2) including control mapping, gap assessment, and implementation road mapping - Working knowledge of NIST 800-53 control families and the NIST Risk Management Framework - Experience operating enterprise risk management programs — risk registers, treatment plans, risk reporting to leadership - Ability to build and maintain control crosswalks across multiple frameworks (ISO, SOC 2, CIS, NIST) - Strong written communication — able to produce policy documents, audit evidence packages, and executive risk reports Preferred Qualifications Experience with: - OT/ICS environments — familiarity with IEC 62443, NIST SP 800-82, or industrial cybersecurity frameworks - Manufacturing or chemical industry regulatory landscape (OSHA PSM, EPA RMP, REACH, or similar) - Third-party risk management (TPRM) programs and vendor risk assessment methodologies - GDPR, CCPA, or other data privacy regulatory frameworks Certifications (any of the following valued): - CISM (Certified Information Security Manager) - CRISC (Certified in Risk and Information Systems Control) - ISO 27001 Lead Auditor or Lead Implementer - CISSP, CCSP, or CGEIT - SOC 2 practitioner credentials (AICPA TSC or equivalent) Other We are an Equal Opportunity, Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to gender, pregnancy, race, national origin, religion, age, sexual orientation, gender identity, veteran or military status, status as a qualified individual with a disability or any other characteristic protected by law. To be considered for this position candidates are required to submit an application for employment through our career site and, be at least 18 years of age. Any offer of employment will be conditioned upon successful completion of a drug test and background investigation, as well as authorization for the Company to conduct additional periodic background checks as required by the Chemical Facility Anti-Terrorism Standards (CFATS) or regulations adopted by the department of Homeland Security or other regulatory agencies. A prior criminal record is not an automatic bar to employment, and the Company will conduct an individualized assessment and reassessment, consistent with applicable law, prior to making any final employment decision.
Title: Senior Governance and Compliance Analyst Location: Manchester, United Kingdom; Philadelphia, Pennsylvania Job Description: Senior Governance and Compliance Analyst Location: Manchester, UK / Yardley, PA, USA, (Hybrid) About Inizio Inizio is a global partner to health and life sciences organisations, delivering specialist expertise across the product and patient journey. Through Global Finance Services (GFS), we provide high-quality, efficient and compliant finance operations that support business performance worldwide. Role Overview Reporting to the Governance and Compliance Lead, we are seeking a Senior Governance and Compliance Analyst within the Order to Cash (OTC) function to support governance, controls and compliance activities across our GFS Order-to-Cash function. You will have a genuine curiosity for AI and the appetite to own and champion the AI agents that are transforming how our OTC function operates, executing control self-assessment testing, preparing audit evidence, monitoring governance performance and supporting oversight of AI-assisted and automated OTC processes. Working closely with OTC process teams, you will contribute to audit readiness, governance reporting, controls monitoring and the effective delivery of the OTC governance framework. Here's what you'll be doing Governance, Controls & Compliance - Support maintenance of the OTC controls register across revenue, billing, collections and cash application. - Execute Control Self-Assessment (CSA) testing and track remediation actions. - Identify and document control gaps and exceptions. - Prepare and collate audit evidence packs for internal and external audit. - Support audit readiness assessments. - Monitor and report OTC quality, KPI and SLA performance metrics. - Produce controls dashboards, audit status trackers and risk logs. - Maintain OTC process documentation and SOPs - Support ad hoc governance and compliance activities as the OTC function evolves. AI Ownership, Curiosity and Continuous Improvement - Own AI agents deployed within the OTC function, including agents built by others, ensuring they perform as intended, remain fit for purpose and are continuously improved over time. - Lead validation and acceptance testing of AI agents prior to deployment, defining what good looks like, documenting results and ensuring outputs meet accuracy and control standards before go-live. - Work with the Governance and Compliance Lead to ensure controls and audit trail requirements are embedded into AI agent design from the outset, not retrofitted after deployment. - Monitor AI agents in production, maintaining exception logs, identifying performance issues and escalating anomalies to the Governance and Compliance Lead. - Monitor SLA performance and exception reporting for the external AI-powered collections service and the automated cash application bot. - Assess the control implications of changes to AI-enabled and automated OTC processes, documenting findings and supporting the Governance and Compliance Lead in go-live decisions. - Maintain clear documentation of AI agent scope, behaviour, data flows and control points to support audit readiness and knowledge transfer across the OTC team. - Champion AI curiosity across the OTC team, inspiring colleagues to explore how AI tools can improve day-to-day processes, reduce manual effort and surface better insight. - Identify and bring forward opportunities where AI agents could drive continuous improvement across OTC processes, translating ideas into well-formed proposals for the Governance and Compliance Lead. What you'll bring Qualifications & Experience - Bachelor's degree (or equivalent professional qualification) in Finance, Accounting, Business Administration or a related discipline. - Part-qualified or fully qualified ACA, ACCA, CIMA or equivalent beneficial. - Demonstrated relevant experience across finance operations with OTC exposure. - Experience supporting SOX or equivalent controls testing, audit activity and governance reporting. - Demonstrable curiosity about AI and its application in finance operations. - Experience within a shared services or GBS environment is essential. Technical & Operational Expertise - Working knowledge of OTC controls across billing, collections and cash application. - Understanding of SOX or equivalent controls frameworks and CSA methodology. - Strong analytical, reporting and dashboard production skills. - An interest in how AI tools are being applied in finance and shared services, with a willingness to develop practical knowledge of how agents work, how their outputs are validated and how they are governed. - An analytical mindset and attention to detail that translates naturally into defining what good looks like - whether for a controls test, a governance standard or an AI agent output. - Familiarity with Oracle Fusion or Maconomy is advantageous. Problem Solving & Innovation - Investigate governance exceptions, evidence gaps and control issues. - Resolve routine governance matters independently and escalate complex findings. - Support continuous improvement of governance processes and controls. Stakeholder Management & Communication - Build effective relationships with Governance, OTC, Audit and GFS stakeholders. - Communicate clearly with auditors and process teams regarding evidence and controls. - Work collaboratively across the shared services organisation. Performance, Impact & Ways of Working - High attention to detail and commitment to governance quality. - Ability to manage multiple priorities across controls testing, audit cycles and AI build workstreams. - Collaborative team player who brings analytical rigour. Why join us You'll play a distinctive role at the intersection of finance controls and AI - strengthening governance and audit readiness across Inizio's global Order-to-Cash function while leading the OTC team's AI curiosity and owning the agents that are reshaping how we work. This is a rare opportunity to shape how AI is adopted, governed and continuously improved in a finance function that is genuinely in transformation. Don't meet every job requirement? That's okay! Our company is dedicated to building an inclusive and authentic workplace. If you're excited about this role, but your experience doesn't perfectly fit every qualification, we encourage you to apply anyway. You may be just the right person for this role or others.
• Designing, implementing, and continuously improving Hexion's information security compliance and enterprise risk management programs • Own Hexion's ISO 27001 Information Security Management System (ISMS) and related cloud-specific extensions • Lead Hexion's SOC 2 compliance program • Operationalize the CIS Controls as the enterprise's security baseline framework • Maintain fluency in NIST 800-53 and apply it to enterprise risk governance • Own the internal controls assurance program
Compliance Administration Assistant
VirtualStaff365Based in Melbourne, we save you time & money by finding talented, skilled virtual staff in Philippines & South Africa
• Maintain compliance files and technical documentation systematically • Organise and maintain filing systems and document control structures • Rename, merge, and update compliance files and folder structures • Keep Declarations of Conformity up to date • Verify warning labels, care instructions, barcodes, and country of origin information against compliance checklists • Log customer quality complaints and track product defects • Coordinate product samples between suppliers and testing laboratories • Follow up with suppliers and laboratories for testing reports and documentation • Coordinate social audits with suppliers and maintain testing schedules • Liaise with international suppliers and labs to resolve pending documentation • Manage outbound calls to suppliers and laboratories as required • Enter and maintain product information in the ERP system • Upload social audit information into Microsoft Dynamics AX • Upload compliance and quality information into Salsify • Assist with data entry for chemical assessments • Coordinate Electrical Equipment Safety System renewals for approval • Prepare weekly compliance reports and track outstanding documentation


