Information Security - (Data & AI team)
Job Title: Information Security – (Data & AI team)
Duration: 4 months Contract
Location: Hybrid - With infrequent site visits
Daily Rate: Inside IR35
ROLE OVERVIEW
- We are looking for a highly skilled Cybersecurity Consultant with strong expertise across Microsoft Security, Cloud Security, Data Protection, and emerging AI/LLM security and governance. The role focuses on identifying security gaps, defining secure-by-design patterns, supporting product and platform teams, and strengthening enterprise security posture—particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions.
- You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams.
RATIONALE/DELIVERABLES:
- Contribute to the Operating Securely program by providing information security advice and support to product and engineering teams, and validate that security controls are in place and issues / vulnerabilities are remediated
- Perform technical risk assessments for proposed new and changing systems, including products that are designed and built by M&S as well as the secure deployment and configuration of business applications that report on and analyse data, e.g. Power BI
- Perform technical risk assessments and advise product and engineering teams on the secure implementation of AI based solutions, e.g. autonomous AI agents, LLMs, LRMs, and AI-enhanced productivity systems
- Support the roll-out of the new AI information security control framework
- Support the Data governance team
KEY RESPONSIBILITIES
- Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems.
- Identify security control gaps, especially around data pipelines, repositories, network security, API security, middleware, and cloud architectures.
- Conduct technical security risk assessments, produce risk statements/reports, and support teams with remediation and mitigation strategies.
- Develop security controls, standards, and documentation for product teams, platform engineering, and data services (e.g., pipelines, warehouses, data sources).
- Provide expert guidance on Microsoft Security Stack, including:
  - Microsoft Defender (XDR, MDE, MDI)
  - Microsoft Entra ID (SSO, MFA, Conditional Access, PIM)
  - Microsoft Purview (DLP, Information Protection, Data Governance, DSPM)
  - Microsoft 365 Copilot & security enablement
- Partner with data governance, platform engineering, DevOps, and architecture teams to embed secure-by-design practices.
- Support secure adoption of cloud-native technologies (Azure), DevSecOps pipelines, GitOps practices, and GitHub Advanced Security (GHAS).
- Oversee security controls for cryptography, key management, secrets management, HSM/Key Vault configurations, and cloud network security (firewalls, proxies, segmentation).
- Drive secure integration of AI/LLM tools, including Copilot, Azure OpenAI, and agentic systems—ensuring proper guardrails, risk assessments, and data protection.
- Participate in cloud monitoring, detection & incident response, working with SIEM/XDR tooling and platform/application teams.
- Collaborate closely with data governance to ensure appropriate classification, labelling, access control, and lifecycle management of sensitive data.
ESSENTIAL SKILLS & EXPERIENCE
- Strong understanding of security frameworks (CIS), MITRE ATT&CK, and AI/LLM security frameworks.
- Hands-on experience with Azure cloud security, DevSecOps, and cloud-native architectures.
- Expertise with Microsoft 365 Security and Azure Security capabilities.
- Strong knowledge of IAM (SSO, MFA, Conditional Access, AAD/Entra, PIM).
- Experience delivering data security, DLP, DSPM, and governance controls using Microsoft Purview.
- Practically skilled in AI security, including risk identification, secure integration patterns, and AI governance models.
- Experience with cloud monitoring, incident response, SIEM/XDR operations.
- Ability to translate complex security risks into clear business language and actionable recommendations.
DESIRABLE SKILLS
- Experience with secure data platforms (Azure Data Factory, Data Lake, SQL, or similar).
- Knowledge of API, container security, Kubernetes, and infrastructure-as-code security.
- Familiarity with PCI, GDPR, data privacy requirements, and compliance frameworks.
- Exposure to adaptive protection, insider risk management, and automated DLP frameworks.
PERSONAL ATTRIBUTES
- Strong communicator able to work across engineering, data, product, and business teams.
- Highly analytical with a structured approach to problem-solving.
- Comfortable in fast-paced environments undergoing modernization and AI adoption.
- Ability to influence teams and drive secure-by-design culture across the organisation.