Responsibilities:
1. Workplace Platform Architecture
• Design and maintain the enterprise endpoint architecture (Windows platform, device compliance model, security baseline).
• Define endpoint standards including OS builds, hardening baselines, encryption policies, and configuration controls.
• Own the modern device management strategy (e.g., Intune, Autopilot…).
• Establish lifecycle standards for OS versions, patching, and hardware refresh.
2. Modern Endpoint Management
• Lead configuration and governance of Intune, including compliance policies, configuration profiles, and update rings.
• Design zero-touch provisioning models (Autopilot).
• Oversee software deployment strategies and packaging standards.
• Drive proactive remediation and endpoint automation initiatives.
3. Security & Compliance
• Implement endpoint security baselines aligned with Cyber Security policies.
• Ensure encryption (BitLocker), EDR integration, and device compliance enforcement.
• Collaborate with IAM and Security teams on conditional access and device trust models.
4. Service & Operational Excellence
• Define workplace service standards, SLAs, and KPIs.
• Provide L3 escalation support for complex endpoint issues.
• Lead root cause analysis for major workplace incidents.
• Drive self-service, automation, and reduction of recurring incidents.
• Maintain architecture documentation and configuration baselines.
5. Vendor & Lifecycle Management
• Define hardware standards and approved device models.
• Coordinate with hardware vendors and procurement.
• Oversee asset lifecycle governance and refresh strategy.
• Support cost optimisation initiatives for endpoint services.
6. Continuous Improvement & Innovation
• Evaluate emerging workplace technologies and modernisation opportunities.
• Drive standardisation and simplification initiatives.
• Mentor EUC operations specialists and Service Desk engineers.
• Promote an automation-first and security-first mindset across workplace services.
Requirements:
Technical Expertise
• Advanced Windows 10/11 enterprise architecture knowledge
• Deep expertise in Microsoft Intune / Endpoint Manager
• Autopilot provisioning design and zero-touch deployment
• OS lifecycle management and patch governance
• Endpoint security baseline implementation (BitLocker, Defender…)
• Conditional Access and device compliance integration (in cooperation with IAM)
• Software packaging and deployment models (Win32, MSI, scripting)
• PowerShell scripting for automation and remediation
• Endpoint monitoring and performance optimisation
• Understanding of Azure AD / Entra ID device registration concepts
Architecture & Governance
• Enterprise endpoint standardisation strategy
• Service design and catalogue modelling
• SLA and KPI definition for workplace services
• Disaster recovery planning for endpoint management platforms
• Documentation of architecture diagrams and operational baselines
• Experience in large-scale global environments (3,000+ endpoints preferred)
Operational & Leadership Skills
• Strong analytical and troubleshooting capability (L3 level)
• Major incident coordination experience
• Ability to design scalable, automation-driven service models
• Vendor and supplier coordination experience
• Cross-tower collaboration (IAM, Security, Infra, Collaboration, ITSM)
• Mentoring and technical leadership of EUC specialists
Experience & Qualifications
• 5–10+ years in enterprise endpoint engineering
• Proven experience in modern workplace transformation projects
• Experience migrating from legacy endpoint management to modern MDM
• Microsoft certifications (e.g., Endpoint Administrator, Enterprise Admin) preferred
• Strong understanding of ITIL-based service environments
KPIs for Success
• Endpoint compliance rate (>95–98%)
• Patch compliance adherence
• Reduction in endpoint-related incidents
• Automation rate of workplace requests
• Device provisioning lead time
• User satisfaction score (Workplace services)