Position: Senior Systems Administrator, Compliance and Innovation

Reports to: Associate Director, Security and Infrastructure

Contract type: Indefinite; Full Time

The Chartered Professional Accountants of British Columbia (CPABC) is seeking a highly organized and analytical individual with excellent attention to detail for the Senior Systems Administrator role. We are proud and honoured to have been recognized as one of BC's Top Employers for a sixth consecutive year in 2025. Come join a collaborative network of like-minded professionals and take the first step towards an exciting opportunity by applying to the position.

Job Summary

Reporting to the Associate Director, Security and Infrastructure (ADSI), the Senior Systems Administrator, Compliance and Innovation (SSACI) plays a key role in advancing Microsoft 365 compliance governance and data protection, while enabling innovation across the organization. This role is responsible for Compliance Strategy & Governance and Data Loss Prevention (DLP) Operations within the Microsoft Purview suite.

The SSACI ensures the organization meets its compliance and data privacy obligations by designing and implementing effective strategies, configuring and tuning DLP policies, and bridging Security Operations and IT Operations teams to maintain a mature compliance posture. In addition to daily hands-on management of Microsoft Purview tools and proactive monitoring of DLP alerts, this role champions the secure adoption of emerging technologies—particularly AI—by developing policies and frameworks that balance innovation with regulatory and ethical standards.

This position is ideal for a forward-thinking compliance professional who thrives at the intersection of governance and innovation, and who is passionate about enabling responsible AI adoption within a secure and compliant environment.

Key Responsibilities:

Technical Compliance Guardrails & Governance

• Architect & Deploy Guardrails:
  • Design and implement Microsoft Purview Information Protection (sensitivity labels, encryption, auto-labeling, retention labels) to enforce data-handling guardrails at scale.
  • Configure and maintain Purview Insider Risk Management, Communication Compliance, and Compliance Manager improvement actions—integrating them with existing SIEM dashboards for unified visibility.

• Configuration Hardening & Drift Management:
  • Harden Microsoft 365 workloads (Exchange Online, SharePoint, OneDrive, Teams) by applying compliance center baselines, role-based access controls (RBAC), Conditional Access policies, and automated configuration assessments.
  • Use PowerShell/Graph automation to detect and remediate configuration drift, ensuring guardrails remain enforced after new feature rollouts or tenant changes.
• Governance Reporting & Metrics:
  • Build dashboards and scheduled reports (Power BI, Purview compliance reports) that surface guardrail coverage, label adoption rates, and risk trends for leadership and audit stakeholders.
  • Provide technical evidence (exported logs, configuration snapshots) to auditors on request.

• Cross-Team Enablement:
  • Serve as the SME for Purview capabilities, partnering with IT Ops on service deployments and with SecOps on incident response playbooks involving sensitive data.
  • Act as a subject matter expert on Microsoft 365 Copilot and Azure OpenAI, supporting secure deployment and policy enforcement for AI-enabled features.

Ongoing Data Loss Prevention & Operations

• Daily DLP Monitoring & Incident Handling:
  • Review Purview DLP dashboard and alert queues each day, triaging events across email, Teams chat, SharePoint/OneDrive, and cloud apps via Microsoft Defender for Cloud Apps.
  • Investigate policy hits, confirm true positives, document findings, and drive rapid containment/remediation with asset owners

• Policy Tuning & Optimization:
  • Analyze false-positive/false-negative patterns; adjust rulesets, confidence thresholds, keyword dictionaries, document fingerprinting, and ML classifiers to maximize signal quality.

• AI-Aware Data Protection:
  • Extend DLP controls to Microsoft Copilot, Azure OpenAI, and other AI-enabled features defining prompts/content restrictions that guard against inadvertent disclosure of sensitive data through generative outputs.
  • Develop and implement governance frameworks for responsible AI adoption, balancing innovation with regulatory and ethical standards.

• Integration & Automation:
  • Feed DLP events to the organization's SIEM/SOAR platform for correlation with endpoint, identity, and network telemetry; automate ticketing and notifications via Logic Apps or Power Automate.
  • Maintain runbooks for containment (quarantine, revoke sharing links, force user MFA reset) and ensure continuous improvement after each incident post-mortem.
  • Build and maintain Power Platform workflows to automate repetitive compliance and incident response tasks.

Departmental Duties

• Provide Tier 2/3 escalation for complex Microsoft 365 compliance or DLP issues.
• Back up other Systems Administrators for endpoint security or cloud-security tasks when required.
• Mentor junior admins and analysts on Purview tooling, scripting, and incident triage techniques.

Key Requirements:

Knowledge and Experience

• Three (3) plus years of experience in IT Security / Infrastructure;
• Two (2) plus years of experience with hands-on administration of Microsoft 365 and/or Azure, including PowerShell automation;
• Two (2) plus years of experience engineering and operating DLP or information-protection controls in an enterprise cloud environment;
• Two (2) plus years of experience working directly with general IT infrastructure technologies;
• Microsoft Certified: Information Protection Administrator Associate (SC-400)

Demonstrated Skills and Abilities

• Expert knowledge of Microsoft Purview compliance portal, DLP policies, sensitivity/retention labels, Insider Risk, eDiscovery, and Compliance Manager.
• Proficient in PowerShell, Microsoft Graph, and automation pipelines for large-scale policy deployments and reporting.
• Strong grasp of Conditional Access, Azure AD identity governance, and role-based access control (RBAC).
• Familiar with SIEM/SOAR integration techniques (e.g., Sentinel, Splunk) for ingesting Purview events.
• Solid understanding of encryption, key management, and secure collaboration patterns across Microsoft 365 workloads.
• Experience protecting data within AI workloads (Copilot, Azure OpenAI) via token-level controls, content filtering, or custom extensions.
• Solid experience implementing security policies.
• Experience working with incident response plans and disaster recovery plans.

Preferred Knowledge, Experience, Skills and Abilities

• Microsoft Certified: Azure Administrator Associate would be an asset
• Microsoft Certified: Security, Compliance, and Identity Fundamentals would be an asset
• Microsoft Certified: Power Platform Solution Architect Expert would be an asset
• Microsoft 365 Security Administrator Associate or Azure Security Engineer Associate would be beneficial;
• CISSP, CISA and/or GIAC are advantageous, but not required;

The starting annual salary for this position is between $79,800.00 and 94,800.00 per annum, based on candidates' qualifications, experience, and internal parity. Exceptions may be considered with further review.

If this job outline describes you, we encourage you to apply through our online Careers Portal. We thank all candidates who respond; however, only those selected for an interview will be contacted.

Why join our team? CPABC offers an entrepreneurial environment with a competitive compensation package. At CPABC we live our core values:

• We Are Open
• We Work Together
• We Communicate
• We Improve Every Day
• We Are Professional
• We Laugh and Celebrate

About CPABC

The Chartered Professional Accountants of British Columbia (CPABC) is the training, governing, and regulatory body for over 40,000 CPA members and 6,000 CPA students and candidates. CPABC carries out its primary mission to protect the public by enforcing the highest professional and ethical standards and contributing to the advancement of public policy. CPAs are recognized internationally for bringing superior financial expertise, strategic thinking, business insight, and leadership to organizations. CPABC is proud to have been presented with a sixth consecutive BC Top Employer award in 2025.