Microsoft Security Architect - Manager

About KPMG Qatar
KPMG has had a presence in Qatar for nearly 47 years. We opened for business in Qatar in 1977 and are now one of the largest and most prestigious professional services firms in the country.

KPMG in Qatar employs over 350 professional staff and partners. We recruit the best and brightest from around the world and currently employ 28 nationalities. For our clients, this means we provide Audit, Tax and Advisory services locally, drawing on the latest thinking and best practice from around the world.

Business Unit Overview
KPMG's Advisory practice is one of the largest Advisory businesses worldwide and the major growth area for our organization. Our services are focused on Finance Function, and we work with clients in identifying and tackling their challenges in Growth, Governance and Performance. Our Advisory teams support businesses as they restructure and expand, whether organically or by acquisition. We help them to become more efficient and provide support as they adapt to the challenges posed by a rapidly changing business environment

Role Overview
The Microsoft Security Architect will lead the assessment, design, and governance of the client’s Microsoft security architecture, ensuring alignment with the client’s IT environment, security frameworks and applicable regulatory requirements.

The role focuses on assessing current state in alignment with Qatar Reference Architecture and defining gaps and devising remediation and delivering a secure target-state across Microsoft Purview, Microsoft Entra (Identity & Access), Microsoft Defender (Endpoint & Device), Microsoft Sentinel (SIEM/SOAR) or Azure security, translating security requirements into implementable designs, policies, and technical controls.

Primary Job Responsibilities & Accountabilities:
1. Assess Microsoft Security Posture
• Review current security configuration and gaps across Azure including EntraID, PIM, Purview, Entra, Priva, CoPilot, Defender suite of products, and Sentinel, etc..
• Document risks, misconfigurations, and prioritized improvement actions.

2. Design Target-State Security Architecture
• Define end-to-end security architecture aligned to Zero-Trust Architecture (ZTA) for relevant environments.
• Produce required blueprints, design artifacts (e.g., HLD/LLD, standards, configuration baselines).
• Produce security patterns to be adopted for secure-by-design adoption.

3. Define Security Requirements & Compliance Mapping
• Define/Implement published policies (Corporate/Conditional-Access-Policies) into azure policies and policy initiatives and establish blueprints.
• Activate monitoring of compliance using compliance manager and activate within Defender for cloud and ensure continuous compliance monitoring.
• Translate business and regulatory needs into clear security requirements and a compliance matrix mapped to Microsoft controls.
• Ensure coverage of access control, logging/monitoring, data protection, encryption, retention, and DR/BC.

4. Govern Implementation & Operational Readiness
• Act as design authority during delivery, validating secure implementation and integration across the Microsoft stack.
• Support SOC readiness for Sentinel/Defender, including use cases, automation, and handover documentation.

5. Stakeholder Engagement & Reporting
• Lead workshops, present design decisions and risks, and deliver concise reports and a phased security roadmap.

Qualification and Experience
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related discipline.
• 10+ years of cybersecurity experience, including strong hands-on and architecture leadership across Microsoft security solutions.
• Proven experience designing and securing environments using:
o Microsoft Purview
o Microsoft Priva
o Microsoft Compliance Manager
o Microsoft Entra (Identity & Access Security)
o Microsoft Defender Suite (Cloud, Server, Identity, Container, etc.)
o ARC
o Microsoft Sentinel
o Azure security architecture and governance
• Strong capabilities in security architecture, control design, risk assessment, documentation, and governance.
• Experience working with compliance frameworks and audit evidence requirements (industry and/or local regulations as applicable).

• Certifications (Strongly Preferred)
o SC-100 (Microsoft Cybersecurity Architect) – preferred/mandatory
o SABSA/TOGAF
o SC-200 (Security Operations Analyst)
o SC-300 (Identity and Access Administrator)
o SC-401 (Information Security Administrator)
o AZ-500 (Azure Security Engineer Associate)