Responsibilities

• Lead ongoing initiatives for modern end-user workspace to enhance collaboration, mobility, performance, security, and service levels across the Bank.
• Contribute to the development and engineering of the client computing platform and the Bank’s digital workspace strategy and roadmap.
• Design, manage, and administer Intune-managed, Entra‑ID joined Windows devices, covering: 
  • Autopilot provisioning workflows
  • Configuration profiles and security baselines
  • Compliance policies, update rings, and feature update management
  • Win32/MSI application packaging, deployment, and troubleshooting
  • Endpoint Security controls (AV/EDR, Firewall, ASR, BitLocker, WDAC/AppLocker)
  • Proactive Remediation scripting and advanced troubleshooting
• Develop and maintain standards and policies for client endpoint computing platforms, including Microsoft Windows, mobility solutions, Intune MDM, Purview Information Protection, and modern application control frameworks.
• Provide subject matter expertise to regional teams in adopting modern endpoint management, cloud-based workspace tools, and modern authentication architectures; collaborate closely with Head Office.
• Partner with project teams to deliver endpoint-related transformation projects and ensure alignment of architecture, solution design, processes, and service delivery.
• Oversee engineering lifecycle responsibilities including OS image engineering, build maintenance, testing, automation, compatibility validation, and deployment.
• Prepare architecture documentation, engineering runbooks, solution design papers, and project reporting materials.
• Ensure timely and concise communication of project status, risks, issues, and progress to stakeholders and IT teams.

Requirements

• Bachelor’s Degree in IT, Computer Science, Computer Engineering, or equivalent.
• Minimum 6 years of experience supporting IT End User Services.
• Mandatory Microsoft certifications, ideally covering M365, Intune/Endpoint Administration (MD-102/MD-100), Modern Desktop Administrator Associate, or relevant Azure certifications (Azure Administrator, etc.).
• ITIL Foundation certification with a strong understanding of Change, Incident, and Problem Management.

• Intune & Entra ID (Azure AD) Administration — Mandatory
• The candidate must have at least 3–5 years of direct, hands-on engineering experience with Intune—not limited to operator-level tasks such as onboarding/offboarding. Required experience includes:

• Intune configuration profiles, security baselines, and compliance frameworks
• Windows Update for Business policies and update ring management
• Autopilot deployment profiles, ESP tuning, and provisioning troubleshooting
• Application lifecycle management using Win32, MSI, MSIX packages

• Deep knowledge of Microsoft 365 workloads, Group Policy management, AD DS (Trusts, Sites/Services), DNS, DHCP, DFS, and Exchange Online Protection.
• Experience with modern authentication architectures, including SSO, MFA, Conditional Access, and integration across cloud and on-premise systems.

• Strong hands-on experience in: 
  • Windows 10/11 OS image engineering, build automation, and deployment
  • Application compatibility assessment and remediation
  • Unified Communication and Collaboration tools
  • SCCM/MECM and co-management with Intune
  • VDI technologies (Citrix, Horizon, AVD)
  • Device health, performance tuning, and endpoint security hardening

• Solid working knowledge of Microsoft Purview Information Protection, sensitivity labelling, DLP, endpoint monitoring, and data governance.

• Proven success in architecture, engineering design, and the delivery of complex endpoint modernisation initiatives.
• Strong collaboration and stakeholder communication skills, including experience working with regional teams and head office groups.
• Experience working in banking or financial institution environments is advantageous.
• Excellent communication, documentation, analytical, and interpersonal skills