Associate Consultant- Data Loss Prevention (DLP) Architect

Position Description:

Company Profile:
Founded in , CGI is among the largest independent IT and business consulting services firms in the world. With 94, consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at .

Position: Associate Consultant- Data Loss Prevention (DLP) Architect
Experience: 8-12 years
Category: Software Development/ Engineering
Shift: General Shift
Location: Bangalore/Hyderabad/Chennai/Pune/Mumbai
Position ID: J-
Employment Type: Full Time

Education Qualification: Bachelor’s degree in computer science or related field or higher with minimum 8 years of relevant experience.

We are seeking a Data Loss Prevention (DLP) Architect with 5+ years of experience to lead the architecture, design, and technical governance of a Microsoft Purview DLP implementation for a large enterprise environment. The scope focuses on enabling unified detection, protection, and control of sensitive data across endpoints and Microsoft workloads, including Office , OneDrive, SharePoint, and Microsoft Teams, while validating and optimizing existing email DLP.
You will work in a structured, phased delivery model (assessment → design → pilot → enterprise rollout), collaborating closely with the Project Manager, Compliance Analyst, DLP Engineer, Data Governance Lead, and Trainer. This role is client-facing and requires strong consulting discipline, the ability to translate risk and compliance needs into actionable DLP controls, and the ability to scale policies safely through monitoring, tuning, and enforcement.

Your future duties and responsibilities:

1) Architecture & Solution Design
• Own the end-to-end DLP architecture using Microsoft Purview, aligned to the client’s Microsoft , Azure, and Defender ecosystem.
• Define the DLP policy framework aligned to business data taxonomy/classification, sensitivity labels, and compliance requirements.
• Produce high-quality consulting deliverables (HLD/LLD, implementation approach, policy design, exception model, test strategy, cutover plan, and operational runbooks).
2) DLP Assessment, Discovery & Requirements
• Lead kickoff and discovery workshops with Security, Compliance, Legal, HR, IT, and business stakeholders to clarify objectives, risk appetite, and success criteria.
• Review existing DLP posture (including current email DLP baseline rules) and assess gaps, overlaps, and improvement opportunities.
• Support data discovery and classification alignment activities (including leveraging existing foundations created by related information governance initiatives).
3) Policy Engineering, Configuration & Tuning Strategy
• Define and guide configuration of Purview DLP policies across M workloads and endpoints (monitoring, alerts, user notifications, overrides/justifications, blocking actions).
• Drive a monitor → tune → enforce approach.
• Guide the implementation of classification mechanisms used by DLP:
o sensitivity labels and label behaviors,
o Sensitive Information Types (SITs), including out-of-the-box and (where needed) custom SITs,
o trainable classifiers (where relevant and justified).
4) Workstream Leadership Across “Data In Use / In Transit / At Rest”
• Provide technical leadership across parallel DLP workstreams.
• Ensure consistent control coverage and reporting across endpoints and Microsoft collaboration workloads.
5) Pilot Execution & Enterprise Rollout in Waves
• Design and govern a controlled pilot phase (scope, success metrics, stakeholder readiness, feedback loop).
• Support enterprise rollout in controlled waves/batches (e.g., by Business Unit), ensuring readiness, risk mitigation, and minimal business disruption.
• Ensure scale-readiness for large endpoint, partnering with engineering teams on prerequisites and onboarding.
6) Alerting, Incident Response & Integration (Security Operations)
• Define the DLP alert strategy and operational workflow:
• Integrate DLP operations with broader security tooling and processes where applicable (e.g., extending incidents/alerts into broader incident management platforms and dashboards).
7) Adoption, Training Enablement & Aftercare
• Partner with the Trainer and Service Desk stakeholders to ensure:
o service desk readiness for incident triage and user support,
o end-user enablement (including microlearning approaches embedded into M user experience),
o clear user messaging that balances security and productivity.
• Lead aftercare and optimization post go-live:
o evaluate initial configuration effectiveness,
o refine policies/labels,
o validate and expand blocking rules,
o drive measurable improvements in signal quality and policy adoption.
• Contribute to optional transition pathways toward managed DLP operations (continuous monitoring and policy optimization).

Required qualifications to be successful in this role:

Must have Skills-

• 5+ years of experience in information protection, data security, DLP, compliance security, or security architecture.
• Strong hands-on expertise designing and implementing Microsoft Purview DLP across Microsoft workloads (Exchange/Email, SharePoint, OneDrive, Teams) and endpoints.
• Proven experience designing DLP policies aligned to:
o sensitive data types and classification,
o business process risk,
o regulatory/compliance requirements and internal controls.
• Strong understanding of policy lifecycle: requirements → design → monitoring → tuning → enforcement → operations/continuous improvement.
• Technical proficiency with relevant Microsoft security/compliance tooling, including:
o Microsoft Purview compliance portal / M Compliance capabilities,
o PowerShell for configuration/administration and reporting support,
o endpoint and device management concepts (e.g., Intune-based deployment readiness).
• Strong stakeholder management and consulting delivery skills:
o workshop facilitation,
o clear written documentation,
o executive-ready communication,
o ability to work across global teams and client environments.

Strong Advantage (Preferred)
• Microsoft security/compliance certifications (e.g., SC-, SC-, SC-, AZ-) or equivalent proven experience.
• Experience integrating DLP operations into broader SOC processes and dashboards (e.g., Sentinel and/or Microsoft Defender incident workflows).
• Experience with adjacent Microsoft Purview capabilities such as Insider Risk Management, Data Lifecycle Management/Retention, Records Management, and eDiscovery (where relevant to the operating model).
• Experience implementing DLP at enterprise scale (multi-country / multi-business unit rollouts; large endpoint estates).
• Familiarity with regulatory frameworks and privacy requirements relevant to global organizations (e.g., GDPR and other regional data protection obligations).
• Experience introducing automation for triage/reporting (e.g., Power Automate) and operational reporting (e.g., Power BI).

Skills: