Job Description

Job Type: Permanent

Location: Hybrid – Edinburgh, Telford or Birmingham office. Expected 1–2 days per week in the office, subject to business needs.

Flexible working: All roles are open to part-time, job-share and other types of flexibility. We will discuss what is important to you and balancing this with business requirements during the recruitment process. You can read more about flexible working here: https://www.standardlifeplc.com/careers/flexible-working

Closing date: 28/04/2026

Salary and benefits: £45,000 – £60,000 plus an indicative bonus of 16% (up to 32%), private medical cover, 38 days annual leave, excellent pension, 12x salary life assurance, career breaks, income protection, 3x volunteering days and much more.

Who are we?

We’re Standard Life, a retirement specialist focused entirely on retirement savings and income. We champion the belief that everyone’s journey to and through retirement can be better, and for more than 200 years, we’ve been helping our customers plan and prepare for their financial futures.

Life today is increasingly complicated, uncertain and unpredictable. People move through different careers, face unexpected moments and navigate important choices. We offer our colleagues flexibility, trust and benefits that work for whatever life brings. In return we expect curiosity, connection, accountability and high standards. We make room for what matters - so you can bring your best, every day.

The role

This is a senior data security role, focused on leading and improving technical data security controls across Microsoft 365, with a primary emphasis on Microsoft Purview, Data Loss Prevention (DLP), and Insider Risk.

You will act as a senior practitioner and delivery lead, responsible for driving data security initiatives, control effectiveness and measurable risk reduction, while supporting a small team of analysts and an engineer. This is not a data engineering or platform role.

This role is focused on data security controls within Microsoft 365, including DLP and Insider Risk. It is not a data engineering or data platform role and does not involve building ETL pipelines, analytics solutions, or data platforms.

Key responsibilities include:

• Leading data security initiatives and project delivery, including:
  DLP uplift and optimisation
  Insider Risk capability development
  Microsoft Purview enhancement
• Owning the effectiveness of DLP controls across Microsoft 365:
  Policy design, tuning and optimisation
  Reducing false positives and business friction
  Improving control coverage and outcomes
• Driving Insider Risk use cases:
  Policy development and refinement
  Alert triage and investigation approaches
  Alignment with wider security and governance processes
• Acting as the bridge between operations, engineering and governance:
  Translating regulatory expectations into practical controls
  Ensuring controls are enforceable, measurable and audit-ready
• Providing data security expertise across the wider technology estate:
  Defining control requirements and expected outcomes
  Assessing control effectiveness and identifying gaps
  Working with relevant teams to ensure appropriate controls are in place
• Supporting and guiding analysts and engineers:
  Setting direction and priorities
  Acting as escalation for complex data security issues
• Working across technologies including:
  Microsoft Purview (DLP, Information Protection, Insider Risk)
  Varonis / Data Access Governance
  Microsoft Defender and Sentinel
• Supporting audit and regulatory activities:
  Producing clear, defensible control evidence
  Articulating control design in a regulated environment
  

What are we looking for?

We are looking for a senior data security specialist with strong experience in DLP and Microsoft 365 controls, who can lead delivery and improve control outcomes.
You will be a DLP / Data Security expert who can define and assess control effectiveness across the wider technology estate, without needing deep technical expertise in every platform. This role sits within the Data Security function, focused on technical controls and risk reduction, and is distinct from legal or privacy-led data protection activities.

Essential Experience

• Hands on experience with Microsoft Purview (DLP, Information Protection, Sensitivity Labelling)
• Good experience of Insider Risk Management (or closely related capabilities)
• Proven experience leading or delivering data security initiatives or projects
• Owning Policy tuning and optimisation
• Able to reduce false positives
• Delivering measurable risk reduction
• Data security within Microsoft 365
• Data leakage risks and user behaviour patterns
• Ability to translate regulatory expectations into operational controls
  

We want to hire the whole version of you

We are committed to ensuring that everyone feels accepted and welcome. If your experience looks different from what we’ve advertised and you believe that you can bring value to the role, we’d love to hear from you.

If you require any adjustments to the recruitment process, please let us know so we can help you to be at your best.

We’re reviewing applications as they come in, so apply early to avoid missing out.

Find out more about working at Standard Life

Guide for Candidates: https://standardlifeplc.pagetiger.com/guideforcandidates/guideforcandidates

Find or get answers from our colleagues: https://www.standardlifeplc.com/careers #LI-GJ1