**Role Summary**

We are seeking a strategic and hands‑on **Digital Workplace Architect (d/f/m)** to shape, lead, and govern enterprise‑scale workplace transformations across Germany and the wider DACH region. You will define target architectures, lead complex solution designs (M365, Intune/UEM, Windows/macOS, mobile, VDI, collaboration, experience analytics), and partner with business, security, and works councils to deliver a secure, compliant, high‑performing digital employee experience. This role combines **enterprise architecture leadership, presales/orals**, solution governance, and **delivery assurance** with a strong focus on **Zero Trust, automation, and measurable experience outcomes**.

**Key Responsibilities**

**Architecture & Strategy**

- Own the **Digital Workplace target architecture** and multi‑year roadmap (Windows 11, macOS, iOS/iPadOS, Android; physical/virtual endpoints; on‑prem/cloud services).
- Define **reference architectures**, blueprints, standards, and patterns (e.g., Zero Trust endpoint posture, identity‑first access, modern management, AI‑powered support).
- Perform current‑state assessments, develop **To‑Be** architectures, and lead **transition states** and migration strategies at scale.
- Align workplace strategy to business value drivers (productivity, cost, compliance, sustainability, and employee experience).

**Solution Design & Governance**

- Lead end‑to‑end **solutioning** across M365 (Teams, Exchange Online, SharePoint/OneDrive), **Intune/UEM**, **Autopilot/ABM/DEP**, **GPO to MDM** modernization, **VDI** (Citrix/AVD/VMware), collaboration and meeting rooms, printing, and **experience analytics** (Nexthink/Lakeside).
- Define **security** and **compliance** controls (Conditional Access, Defender, DLP, data residency, encryption, app protection, least privilege), partnering with Security/Privacy/Legal.
- Establish architecture governance, patterns, **guardrails**, and **technical debt** management; run design reviews and ensure **traceability** to requirements and policies.
- Drive **standards** for packaging, patching, app lifecycle, image‑less provisioning, configuration drift management, and endpoint telemetry.

**Delivery Leadership & Assurance**

- Provide **delivery oversight**, architectural runway, and risk management across programs and complex work‑streams.
- Define **KPIs/OKRs** (DEX score, login times, crash rates, patch latency, ticket deflection, MTTR, CSAT/eNPS) and ensure continuous experience improvement.
- Champion **automation** (PowerShell, Graph API, proactive remediations), self‑service, and **AIOps** to reduce TCO and elevate employee experience.
- Guide **capacity & performance planning**, **resiliency**, and **Business Continuity** for critical workplace services.

**Stakeholder, Presales & Financials**

- Serve as the senior **architectural point of contact** for CIO/CTO, CISO, HR, Procurement, Facilities, and **Betriebsrat (Works Council)** partners.
- Lead presales: **RFP/RFI/RFQ**, solution costing, BoE/BoM, **orals**, demos/PoCs; articulate business cases and **TCO/ROI**.
- Support **vendor selection** and commercial negotiations; oversee license optimization (M365 E3/E5, security add‑ons).
- Contribute to portfolio development, thought leadership, and **reusable accelerators**.

**Compliance & Germany‑Specific Requirements**

- Ensure designs comply with **GDPR**, **BDSG**, and data minimization principles; define **privacy‑by‑design** in telemetry, DEX tooling, and remote support.
- Engage collaboratively with **Works Councils** on employee data, monitoring, and change impacts; create transparent DPIAs and Betriebsvereinbarungen where applicable.
- Consider **BITV 2.0** accessibility requirements and **ArbSchG** (occupational safety) in the workplace design and device standards.
- Align identity and device trust with **EU data residency** and sovereign requirements where relevant.

**Required Qualifications & Experience**

- **12–15+ years** in End‑User Computing/Digital Workplace with **7+ years** in architecture/strategy roles; successful delivery of **large enterprise** transformations (10k+ endpoints).
- Deep hands‑on expertise with:
- **Microsoft 365** (Teams, Exchange Online, SharePoint/OneDrive), **Entra ID (Azure AD)**, **Conditional Access**, **Defender** suite.
- **Endpoint Management/UEM**: Microsoft **Intune**, Autopilot, co‑management, Win11 servicing, macOS management (Jamf/Intune), iOS/Android (Intune/ABM/DEP).
- **VDI/EUC**: **Citrix** / **Azure Virtual Desktop** / VMware Horizon (image strategy, profiles, app layering, HDX/FSLogix).
- **Automation & Scripting**: **PowerShell**, Graph API, proactive remediations, packaging (Win32/MSIX), CI/CD for workspace configs.
- **Experience Analytics/DEX**: Nexthink, Lakeside, or equivalent (SLAs/XLAs, sentiment, synthetic tests).
- Strong grasp of **Zero Trust** for endpoints, identity‑driven security, DLP, MAM/APP, encryption, and **least‑privilege** models.
- Proven **governance**: standards, patterns, risk controls, and audit readiness.
- **Presales/Consulting** experience: RFPs, solution costing, orals, and C‑suite communication.
- **Language:** Fluent **German (C1)** and **English** (written and spoken).
- Ability to travel within **Germany/DACH** (approx. 20–40%).

**Preferred Qualifications**

- **TOGAF**, **ITIL v4**, **Microsoft Certified: Cybersecurity Architect / Identity and Access Administrator / Endpoint Administrator / Solutions Architect**, **Citrix CTA/CCE‑V**, **Nexthink Associate/Professional**.
- Exposure to **ServiceNow ITSM/ITOM**, **SCCM/ConfigMgr to Intune** transitions, software metering, and license optimization.
- Knowledge of **network** (Wi‑Fi/802.1X/NAC), **printing modernization**, and **meeting room/AV** solutions (Teams Rooms).
- Experience with **co‑determination** processes and drafting **Works Council agreements** for IT/DEX solutions.
- Familiarity with **sustainability** in EUC (device lifecycle, e‑waste, energy management) and **FinOps** for M365.

**Soft Skills & Leadership**

- Executive presence; able to **translate** complex technology into business value and regulatory outcomes.
- Influential stakeholder management with **Works Councils**, Security, and Compliance teams.
- High ownership, structured thinking, and **data‑driven decision making**.
- Talent development and **mentoring** of architects/engineers; culture of continuous improvement.

**Success Metrics (Illustrative)**

- **>25% reduction** in high‑impact incidents / MTTR; **>20% improvement** in DEX scores within 12 months.
- **>30% automation‑driven** ticket deflection in endpoint support.
- **95%+** patch compliance within SLA; **GPO→MDM** migration completion on plan.
- Positive Works Council outcomes and **zero critical audit findings**.
- Realized **TCO/ROI** per business case (license optimization, endpoint standardization, energy savings).

**What We Offer**

- Opportunity to lead **industry‑defining** workplace transformations across DACH.
- Autonomy to set **architecture vision** and invest in accelerators/automation.
- Competitive compensation with performance incentives, learning budget, and certification support.
- Hybrid working model with modern collaboration tooling.

**Equal Opportunity**

We are an equal opportunity employer. All qualified applicants will be considered without regard to gender, age, disability, ethnic origin, religion or belief, sexual orientation, or identity. We welcome applications from candidates with disabilities. (m/f/d)