We are seeking an experienced Business Analyst to support enterprise governance, third-party risk management, application control processes, and Microsoft Purview operational governance initiatives.
The consultant will work with business, security, compliance, and technology stakeholders to define frameworks, document operational processes, and support implementation readiness across multiple governance and risk domains.
Location: Remote
Duration: 12 months
Responsibilities
- Facilitate stakeholder alignment sessions to define scope, success metrics, governance structures, and escalation paths
- Gather and document governance, operational, and compliance requirements from business and technology stakeholders
- Define and document third-party and joint venture inventory models, including in-scope criteria, required data fields, and ownership structures
- Develop requirements baselines for third-party risk management, including tiering models, scoring methodologies, evidence standards, and exception handling
- Design and document assessment processes, workflows, questionnaires, evidence checklists, SLAs, and communications procedures
- Draft, document, and support implementation of application control processes and framework documentation, including block-list governance controls
- Coordinate stakeholder reviews, approvals, and publication of governance and operational documentation
- Develop governance frameworks, operating models, compliance documentation, and operational guidance for Microsoft 365 and Microsoft Purview
- Publish governance content and operational documentation through internal governance portals or websites
- Create operational runbooks and support documentation for compliance and security operations teams
- Support operationalization of Purview governance, compliance, and data protection controls
- Collaborate with cybersecurity, compliance, legal, infrastructure, and operational teams to align governance initiatives with enterprise standards
- Identify opportunities to improve governance maturity, operational processes, and compliance effectiveness
Requirements
- 7+ years of experience in governance, risk, compliance, cybersecurity, or information management consulting roles
- Strong experience with third-party risk management frameworks and vendor governance processes
- Experience documenting enterprise governance frameworks, operational models, policies, and procedures
- Hands-on experience with Microsoft 365 governance and Microsoft Purview
- Knowledge of information protection, data governance, retention, and compliance management practices
- Experience developing operational runbooks, workflows, templates, and governance documentation
- Strong facilitation, stakeholder management, and workshop leadership skills
- Experience supporting enterprise security, compliance, or governance programs
- Familiarity with application control processes, endpoint governance, or software restriction policies
- Understanding of governance and security standards such as ISO 27001, NIST, CIS Controls, or similar frameworks
- Strong written communication and documentation capabilities
- Experience working within large enterprise or regulated environments preferred
- Microsoft security, compliance, or governance certifications are considered an asset
