AI & Governance Platforms Administrator

Company:

Finning International Inc.

Number of Openings:

1

Worker Type:

Permanent

Position Overview:

Finning Canada is looking to hire a permanent, full-time AI & Governance Platforms Administrator who will be responsible for the secure, compliant, and efficient administration of Microsoft Copilot, Microsoft Purview, M365 administrative controls, Microsoft Foundry (formerly Azure AI Foundry), and related Microsoft AI and information protection services.

This role is not responsible for designing or building AI agents, prompts, or models. Instead, it is accountable for administering, securing, and operating the enterprise platforms and controls that enable AI capabilities at scale.

This role ensures that users, environments, resource groups, licenses, connectors, and integrations are properly governed and maintained in alignment with Finning’s AI, Security, Privacy, and Data Governance policies.

The AI & Governance Platforms Administrator acts as the primary owner of platform configuration, governance controls, and access management, partnering closely with the Enterprise Insights & AI team, AI Champions, Data Engineering, Cybersecurity, Privacy, and business stakeholders to enable stable AI operations, compliant access, and safe scaling of AI and agent workloads across the organization.

What we can offer you:
· Great people and place to work with a hybrid work opportunity
· Career advancement and training opportunities
· Pension and employee stock purchase plans with company contributions
· Extensive health benefits including group medical and dental benefits, and short-term and long-term disability benefits
· For this position, the expected salary range is between $100,000 and $120,000 annually. This range reflects our commitment to providing competitive compensation that aligns with industry standards and your qualifications.
Please note that the actual salary offer will be based on a candidate’s experience, qualifications, and fit for the role. We are dedicated to fostering an inclusive and equitable work environment, and this salary range is designed to support that commitment.

Job Description:

Major Job Functions:

Access Management, Identity Controls & License Management:

• Manage user access, security groups, and permissions for Copilot Studio authors, makers, and viewers using Entra security groups and Dataverse roles.
• Maintain least-privilege RBAC for Foundry, including resource groups, managed identities, service principals, and Entra Agent IDs.
• Apply enterprise data classification (Yellow/Red) and prevent unauthorized access to restricted sources.
• Review and approve access requests for Copilot Studio environments and Foundry project spaces.
• Assign, revoke, and audit Copilot Studio user licenses and manage tenant-wide Copilot Studio licenses.
• Manage M365 Copilot licenses for appropriate personas in coordination with Digital Workplace IT.
• Enable/disable trial access and self-subscription controls via organizational settings.
• Monitor Copilot credit consumption and ensure compliance with usage thresholds.

Information Governance & Compliance Administration:

• Administer and monitor Microsoft Purview capabilities supporting AI/data governance (eDiscovery, audit, information protection, data lifecycle, and data loss prevention) in alignment with enterprise policy.
• Partner with Security/Privacy to configure and validate sensitivity labels, label policies, and label inheritance behaviors relevant to M365 and AI use cases.
• Support DLP policies and alert triage for high-risk sharing, prompt injection/data exfiltration patterns, and misuse scenarios (where available), coordinating incident response and remediation.
• Manage audit logging and retention settings across M365 and Purview; support internal/external audit evidence requests with repeatable reporting.
• Administer M365 governance controls that affect Copilot experiences (e.g., tenant settings, content access boundaries, and sharing controls) in coordination with Digital Workplace IT.

Environment, Workspace & Resource Group Administration:

• Create, configure, and maintain Foundry resource groups, compute configurations, networking settings, and workspace structures.
• Administer Dev–Test–Prod environments for Copilot Studio and Foundry to ensure consistent deployments.
• Configure Private Link, firewalls, and secure network boundaries for Foundry workloads.
• Ensure that Copilot agents and Foundry agents use approved connectors and data sources only (as documented in AI governance).

Platform Governance, Security, Monitoring & Telemetry:

• Enforce Finning’s AI governance requirements including design gates, guardrails, data handling standards, and periodic access reviews.
• Ensure encryption at rest, encryption in transit, and proper key management (platform or customer-managed keys).
• Implement monitoring of connectors, triggers, and actions for misuse or policy violations; coordinate with Purview/Audit alerting and Security incident workflows.

Platform Support, Integration Management & Governance Reporting:

• Set up and maintain telemetry to track uptime, credit consumption, errors, deployments, and drift.
• Monitor Copilot agent usage, quality, KPIs, and time saved metrics as defined in AI governance.
• Maintain diagnostic logs across Foundry resources; configure operational alerts in Azure Monitor and App Insights.
• Work with Cybersecurity and Data Engineering on escalation paths for incidents, outages, or permission issues.

Operational Monitoring, Logging & Telemetry:

• Set up and maintain telemetry to track uptime, credit consumption, errors, deployments, and drift.
• Monitor Copilot agent usage, quality, KPIs, and time saved metrics as defined in AI governance.
• Maintain diagnostic logs across Foundry resources; configure operational alerts in Azure Monitor and App Insights.
• Work with Cybersecurity and Data Engineering on escalation paths for incidents, outages, or permission issues.

Connector, Integration & API Management:

• Maintain the approved connectors list (as referenced in AI governance) and ensure only permitted connectors are available to makers.
• Administer Dataverse environments and ensure proper permissions for Copilot bot tables, subcomponents, and transcripts.
• Support configuration of REST tools, Graph API integrations, and secure credential storage (Key Vault / Delinea).

Platform Support & Issue Resolution:

• Act as Tier 2/3 support for platform-level Copilot or Foundry issues (permissions, environment configuration, billing, connectors).
• Collaborate with Regional IT, Data Engineering, and Workplace Management Team for escalations, per RACI guidance.
• Assist makers with environment provisioning, performance troubleshooting, and connector access issues.
• Design and develop Power Automate flows to streamline business processes, improve efficiency, and reduce manual effort.

Governance Reporting & Audits:

• Produce monthly reports on:
• License consumption
• Access reviews
• Agent usage & KPIs
• Security exceptions & vulnerabilities

• Maintain audit trails for Foundry and Copilot Studio per Internal Audit requirements.

Mandatory (Must-Have) Skills:

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Data Management, or a related technical field.
• Experience administering Copilot Studio, Power Platform, or Dataverse.
• Experience managing Azure billing, cost controls, and monitoring for resource groups.
• Familiarity with Foundry (Azure AI Foundry) concepts such as Foundry IQ, multi-agent workflows, Entra Agent ID.
• Exposure to AI governance, responsible AI, privacy, or compliance frameworks; experience operationalizing controls via Purview and M365.
• Basic scripting (PowerShell, Power Automate, CLI, Python) for admin automation.

• 3+ years’ experience administering Azure, M365, or Power Platform environments.
• Strong knowledge of Azure RBAC, Managed Identities, Service Principals, resource groups

Preferred skills (Non-Mandatory):

Core Platform & Technical Knowledge

• Microsoft Copilot Administration
• Understanding of Copilot for M365, Copilot Studio, and tenant level configuration
• Knowledge of Copilot access policies, data controls, audit logging, connectors, and plugin governance
• Familiarity with M365 Graph permissions, sensitivity labels, and tenant-scoped security boundaries

• Microsoft Purview
• Purview Information Protection (labels, policies, auto labeling, DLP, encryption)
• Purview Data Lifecycle Management (retention labels, retention policies)
• Purview Audit (logging, advanced audit, data access reporting)
• Purview Data Map & Data Governance (optional but beneficial)

• Microsoft Foundry / Azure AI Foundry
• Knowledge of AI resource provisioning (AI hubs, projects, resource groups)
• Understanding of model catalogs, API endpoints, safety filters, evaluation, and monitoring
• Familiarity with network isolation, managed identities, API keys, inference limits, and cost controls

• Microsoft 365 Administration
• M365 Admin Center (users, groups, licenses, roles)
• Entra ID (formerly Azure AD) identity, conditional access, role-based access control
• SharePoint/OneDrive governance (permissions, site settings, data boundaries)
• Teams app policies, admin controls, and governance of AI enabled experiences

At Finning, we prioritize creating a diverse and inclusive environment. We are proud to be an equal opportunity employer, and we actively encourage all individuals to express themselves and achieve their full potential. As a company, we continuously strive to enhance our outreach to individuals of all backgrounds and identities. We do not discriminate against applicants based on gender identity, race, national and ethnic origin, religion, age, sexual orientation, marital and family status, and/or mental or physical disabilities. Furthermore, Finning is committed to collaborating with and providing reasonable accommodations /adjustments to individuals with disabilities. If you require an adjustment/accommodation at any point during the recruitment process, please inform your recruiter.