Information Security Senior Engineer
Recruiting Location
US-IL-Chicago
Department
Information Technology
Summary
The Information Security Senior Engineer is primarily responsible for designing, implementing, and managing the Firm's data governance, compliance, and information protection policies by enabling and supporting Microsoft Purview. This individual will ensure technical capabilities are in place so that sensitive Client and Firm data is appropriately classified, labeled, monitored, and secured in alignment with regulatory requirements, contractual obligations, and Firm-specific policies. The Senior Engineer acts as a subject matter expert, collaborating with cross-functional teams - including our Applications Team, Records Management, Data and AI Team as well as Risk and Privacy - to enable robust data protection, lifecycle management, and eDiscovery processes. This role will also participate in incident response activities involving data loss prevention, insider risk, and compliance alerts, ensuring timely investigation, containment, and remediation. In addition, the Senior Engineer will contribute to the Firm's overall Data Security and Compliance Strategy, driving the adoption of best practices and advanced capabilities within the Microsoft ecosystem.
Duties and Responsibilities
- Design, configure, and maintain Microsoft Purview solutions for data classification, labeling, retention, and compliance in alignment with Firm policies and regulatory requirements.
- Implement and manage data security controls, including Information Protection policies, Data Loss Prevention (DLP), Insider Risk Management, and eDiscovery workflows.
- Implement policies to protect sensitive Client and Firm data through classification, labeling, encryption, access governance, and monitoring across Microsoft 365, Azure, and integrated environments.
- Work with Records Management, Data Governance IT Risk and other teams to develop, enforce, and maintain compliance policies, ensuring consistent application of regulatory, contractual, and Firm-specific data protection requirements.
- Build and optimize automated data governance workflows, enabling lifecycle management, secure data sharing, and defensible disposition of records in accordance with Firm strategy.
- Integrate Purview insights and alerts into Security Operations, incident response, and GRC processes to strengthen visibility, detection, and remediation of data-related risks.
- Collaborate with Records Management, Data Governance, IT, Security, Legal, and Compliance teams to design policies and processes that balance regulatory obligations, client requirements, and business operations.
- Monitor and respond to Purview compliance alerts, investigating potential risks such as data leakage, insider threats, or policy violations, and recommending remediation.
- Participate in risk assessments, audits, and compliance efforts related to data governance and regulatory frameworks (e.g., ISO 27001, GDPR, CCPA, HIPAA).
- Stay current with emerging data governance technologies, compliance regulations, and best practices, ensuring the Firm continues to mature its use of Microsoft Purview capabilities.
Salaries vary by location and are based on numerous factors, including, but not limited to, the relevant market, skills, experience, and education of the selected candidate. If an estimated salary range for this role is available, it will be provided in our Target Salary Range section. Our compensation package also includes bonus eligibility and a comprehensive benefits program. Benefits information can be found at Sidley.com/Benefits.
Target Salary Range
$120,000 - $165,000 if located in Illinois
Qualifications
To perform this job successfully, an individual must be able to perform the Duties and Responsibilities (Duties) above satisfactorily and meet the requirements below. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation, please email staffrecruiting@sidley.com (current employees should contact Human Resources).
Education and/or Experience:
Required:
- Bachelor's degree in Computer Science, Information Security, Information Governance, or a related field is required.
- Minimum of 5 years of experience in security engineering, compliance engineering, or data governance, with a strong focus on Microsoft 365 and Microsoft Purview solutions.
- Hands-on experience implementing and managing Microsoft Purview capabilities such as Information Protection, Data Loss Prevention (DLP), Insider Risk Management, Records Management, and eDiscovery.
- Practical knowledge of Microsoft 365 security and compliance tools. Strong PowerShell scripting experience.
- Strong understanding of data governance principles, regulatory compliance requirements (e.g., GDPR, CCPA, HIPAA, ISO 27001), and information lifecycle management.
- Demonstrated ability to assess, troubleshoot, and remediate data protection, compliance, and information governance issues in Microsoft 365 environments.
Preferred:
- Relevant Microsoft certifications such as Microsoft Certified: Information Protection Administrator Associate, Security Operations Analyst Associate, or Azure Security Engineer Associate (AZ-500).
- Advanced security and compliance certifications such as CISSP, CISM, CCSP, or Security+.
- Experience in the legal, financial services, or other highly regulated industries with strict client data governance and compliance requirements.
- Hands-on experience with data security and insider risk tools such as Varonis, Digital Guardian, or Cyberhaven.
- Familiarity with SIEM/SOAR platforms for correlating and responding to Purview alerts.
- Demonstrated ability to support large-scale legal hold, records management, and eDiscovery processes in global organizations.
- Strong knowledge of regulatory compliance frameworks such as GDPR, CCPA, HIPAA, ISO 27001, and client-driven contractual requirements.
Other Skills and Abilities: The following will also be required of the successful candidate:
- Strong organizational skills
- Strong attention to detail
- Good judgment
- Strong interpersonal communication skills
- Strong analytical and problem-solving skills
- Able to work harmoniously and effectively with others
- Able to preserve confidentiality and exercise discretion
- Able to work under pressure
- Able to manage multiple projects with competing deadlines and priorities
Sidley Austin LLP is an Equal Opportunity Employer