Simpson Associates transforms raw data into actionable insights that drive positive change.
Our Microsoft data expertise, our specialist sector knowledge, plus our innovative and trusted advice and guidance are just some of the reasons clients choose to work with us.
Our mission is to help purpose-led organisations from within the public and private sectors to harness data as a lever for change and enable them to realise business value more quickly. We provide the full range of services to support organisations on their data transformation journey. From advisory support and data strategy, to developing Data & AI solutions, right through to providing a range of managed services.
We are a Microsoft Solutions Partner, holding Specialisations in AI Platform on Microsoft Azure, Analytics on Microsoft Azure, Data Warehouse Migration to Microsoft Azure and Migrate Enterprise Applications to Microsoft Azure, as well as holding Solutions Partner designations in Data & AI (Azure); Digital & App Innovation (Azure); Infrastructure (Azure) and Security.
But it's not just about the badges. We are proud to be recognised as the winner of the 2024 Microsoft Community Response Partner of the Year award, reflecting our dedication to using technology for positive change. We are also a Databricks partner, and an IBM Gold Partner, specialising in Cognos Analytics and Planning Analytics.
With offices in York and Sheffield, and a team based throughout the UK – we champion creativity, innovation and collaboration in the workplace.
The Role
Microsoft Purview sits at the heart of how Simpson Associates helps clients understand, protect, and take control of their data – and we’re looking for the technical lead to own it. As our Microsoft Purview Lead Consultant, you’ll be the person clients turn to across Purview’s three pillars – Data Governance, Data Security, and Data Compliance – bringing deep, hands-on expertise in the data security and retention controls at the core of the work. You’ll lead engagements end to end, from discovery through design to delivery.
This is where data protection stops being a tooling exercise and becomes a business outcome. You won’t just configure sensitivity labels, DLP, DSPM, and retention – you’ll interpret what a client’s scan results actually mean, tell them in plain language where the real risk sits, and help them fix the right things first. Your work directly reduces the risk of the next breach or compliance failure for purpose-led organisations across the public and private sectors.
You’ll take the technical lead on client relationships, shape solutions alongside our pre-sales and data governance specialists, and help build Simpson’s Purview capability from the ground up – the delivery methods, the accelerators, and the people. Familiarity with Microsoft Fabric, Copilot readiness, and the supporting Azure platform is a real plus, but this role is first and foremost a Microsoft Purview specialism.
Key Responsibilities
Data Security – Information Protection
- Configure and tune Sensitive Information Types (SITs), beginning with Microsoft’s built-in SITs, to accurately detect client sensitive data while minimising false positives.
- Design, create, and configure sensitivity labels and label policies, including automatic labelling policies – running these in simulation (evaluation) mode to validate results before they are enforced.
- Design and implement Data Loss Prevention (DLP) policies across Microsoft 365, endpoints, and cloud services, aligned to client data protection requirements and rolled out via policy tips and test modes ahead of enforcement.
- Deploy and operate Data Security Posture Management (DSPM): enabling automated scanning and discovery of sensitive and unprotected data across the estate, including SharePoint and OneDrive, and turning DSPM recommendations into prioritised remediation.
- Configure sensitivity-label encryption and manage the associated keys – Microsoft-managed keys, Azure Key Vault (BYOK) integration, and Customer Key for data at rest – including automated key rotation policies aligned to the client’s labelling and compliance requirements.
Data Compliance – Retention, Lifecycle & Records
- Work with clients to agree data type classification, then define and document retention policies, capturing the rationale behind each decision.
- Configure retention labels and label policies to apply retention and disposition consistently across Microsoft 365.
- Configure retention periods and disposition settings – within Data Lifecycle and Records Management – to meet clients’ regulatory and records-management obligations.
Breadth across the Purview estate
- Advise and configure across all three Microsoft Purview pillars as engagements require: Data Governance (Unified Catalog and Data Map, classification, lineage, and data quality); Data Security (Information Protection, DLP, and DSPM); and Data Compliance (Compliance Manager, Audit, eDiscovery, Communication Compliance, and Data Lifecycle & Records Management).
- Recognise where retention sits – within Data Lifecycle and Records Management, under the Data Compliance pillar – and advise on the adjoining Microsoft Priva privacy capabilities (privacy risk management, subject rights requests, and consent) where a client needs them, articulating clearly how Priva differs from retention.
- Stay current with the evolving Microsoft Purview portal and capabilities – including Data Security Posture Management (DSPM) and DSPM for AI – feeding new and relevant features into the team’s delivery patterns.
Client Advisory & Delivery
- Interpret scan, classification, and DSPM discovery results for clients – explaining what the findings mean and advising on what to prioritise and remediate first, for example oversharing surfaced by OneDrive and SharePoint scanning.
- Plan and facilitate discovery workshops, technical design sessions, and stakeholder reviews, adapting your communication style to both technical and non-technical audiences.
- Produce high-quality client-facing deliverables including assessment reports, implementation plans, runbooks, and technical guidance.
- Mentor associate consultants and contribute reusable accelerators, delivery frameworks, and internal knowledge to the Cloud Platform and Security Team’s Purview practice.
Technical Requirements
- Practical experience helping organisations use Microsoft Purview to protect and manage their data in real-world environments.
- A good understanding of how to identify sensitive information and improve how it is recognised and handled.
- Experience setting up labels and rules to help protect information, including testing these before they go live.
- Experience putting controls in place to help prevent sensitive information from being shared in the wrong way.
- Experience using Microsoft tools to spot risks, identify where data needs better protection, and act on recommended improvements across platforms such as SharePoint and OneDrive.
- Experience working with data protection settings and encryption options to help keep information secure.
- Experience setting up retention rules and timeframes and working with clients to agree how different types of data should be managed.
- A broad understanding of Microsoft Purview and how its different areas work together to support data protection, governance, and compliance.
- Confidence reviewing findings and advising clients on what they should focus on first.
- A working understanding of Microsoft Entra ID, particularly how access and permissions support secure administration.
- An understanding of UK and EU data protection requirements, such as UK GDPR, and how Microsoft Purview can help organisations meet them.
Skills and Attributes Required
- A confident senior technical consultant able to lead client engagements and take ownership of delivery quality.
- Strong stakeholder management skills, with the ability to engage and influence at both technical and senior business levels.
- Excellent written and verbal communication skills, with the ability to translate complex data protection concepts – and scan results – into clear, prioritised guidance for clients.
- A natural problem solver with excellent analytical and troubleshooting skills.
- The ability to prioritise workload under pressure and deliver to tight deadlines.
- A collaborative team player who mentors others and contributes to a culture of knowledge sharing and continuous improvement.
- Enthusiastic, proactive, and confident in driving engagement progress without close day-to-day oversight.
Advantageous Qualifications and Skills
- Microsoft Certified: Information Security Administrator Associate (SC-401).
- Microsoft Certified: Identity and Access Administrator Associate (SC-300).
- Microsoft Certified: Azure Security Engineer Associate (AZ-500).
- Familiarity with Microsoft Fabric and OneLake, and an interest in how Purview governs and protects Fabric data.
Experience with the supporting Azu...
