Scope & Impact
We’re seeking a technical Associate Director to own and evolve our Microsoft platform—Entra ID/Azure AD, M365 Core (Exchange Online, Teams), Power Platform—and Microsoft licensing. This role will drive a hard pivot from clickops to platform-as-code (Git-first, policy-as-code, pipelines, drift detection). You’ll partner with Security (Intune, Defender, Purview) and Workplace Technology (Service Desk) to define the right operating model.
This is a player-coach role: you’ll design, build, review PRs, lead incidents, manage outcomes, and grow a high-performing team.
What You’ll Own and Deliver
- Identity & Access (Entra ID/Azure AD): Modern identity posture (SSO, CA, PIM, SCIM, app registration/consent hygiene) with strong change control and telemetry.
- M365 Core (Exchange & Teams): Guardrails, transport hygiene (SPF/DKIM/DMARC), Teams policies, published SLOs, golden dashboards.
- Power Platform: Environment strategy, DLP guardrails, ALM pipelines, maker enablement, connector governance, reliability for critical apps/flows.
- Microsoft Licensing: EA strategy, renewals, SKU optimization, cost controls, allocation hygiene, Finance reporting.
- M365 Training Portal: Product roadmap, curriculum, governance, adoption; LMS/Viva integration; SharePoint partnership.
- Automation & IaC: GitLab pipelines, Terraform (AzureAD/M365), Graph/PowerShell tooling, drift detection with auto-remediation.
- Reliability & Incidents: Incident command, RCA/postmortem program, SLO/error budget ownership.
- Team Development: Hiring pipeline, onboarding, coaching, growth plans, and building a team that ships platforms as code.
Not in scope: SharePoint architecture (coordinate only).
12-Month Outcomes
- Automation: ≥90% of configuration managed as code, high-risk drift auto-remediated.
- Clickops Reduction: ≥80% reduction in portal-only changes.
- Reliability: SLOs published; >99.9% availability; <4h MTTR for P1s; RCAs completed with fixes.
- Power Platform: DLP enforced, ALM live, safe maker program with zero critical violations.
- Licensing: 8–12% YoY savings, ≥98% allocation accuracy, clean audit posture.
- M365 Training Portal: ≥60% monthly active employees, ≥70% curriculum completion, CSAT ≥4.3/5.
- Team Development: Skills matrix in place; quarterly growth conversations; ≥90% critical skills coverage.
Day-to-Day
- Lead roadmap, standards, and team coaching while staying hands-on.
- Author Terraform modules, Graph/PowerShell tooling, enforce policy-as-code.
- Build GitLab CI/CD for compliance, promotion, drift detection, and auto-remediation.
- Publish SLO dashboards; lead incident response and RCA quality.
- Manage licensing end-to-end: forecasting, renewals, analytics, cost savings.
- Own training portal: roadmap, governance, analytics, adoption plays.
- Define operating model with Security and Workplace Tech; integrate with Service Desk.
What Great Looks Like (Must-Haves)
- Proven platform leadership with deep, hands-on Entra ID/Azure AD (CA, PIM, app reg/consent, federation, SCIM).
- Strong M365 Core (Exchange/Teams) and Power Platform governance (DLP, ALM, CoE).
- Automation-first mindset: Git-based workflows, GitLab CI, Graph API/PowerShell, Terraform, policy-as-code.
- Licensing program ownership with measurable savings.
- Team builder: hiring, coaching, skill matrices, feedback culture, on-call quality bar.
- Incident/RCA leadership with ability to push for codified, repeatable solutions.
Nice-to-Haves
- IGA (SailPoint/Entra ID Governance), secrets management, PAM integrations.
- Built and scaled a Power Platform CoE.
- Experience in regulated environments (SOX/ISO) with automated evidence.
- M&A platform integrations (tenant consolidation, domain migrations).
How We Work (Non-Negotiables)
- No clickops: If it has a lifecycle, it lives in code behind a PR.
- Security by default: Least privilege and strong auth baseline.
- Measure everything: SLOs, drift, and cost on dashboards.