Digital Workplace Architect

We are seeking a strategic and hands-on Digital Workplace Architect (d/f/m) to shape, lead, and govern enterprise-scale workplace transformations across Germany and the wider DACH region. You will define target architectures, lead complex solution designs (M365, Intune/UEM, Windows/macOS, mobile, VDI, collaboration, experience analytics), and partner with business, security, and works councils to deliver a secure, compliant, high-performing digital employee experience. This role combines enterprise architecture leadership, presales/orals, solution governance, and delivery assurance with a strong focus on Zero Trust, automation, and measurable experience outcomes., Architecture & Strategy

• Own the Digital Workplace target architecture and multi-year roadmap (Windows 11, macOS, iOS/iPadOS, Android; physical/virtual endpoints; on-prem/cloud services).
• Define reference architectures, blueprints, standards, and patterns (e.g., Zero Trust endpoint posture, identity-first access, modern management, AI-powered support).
• Perform current-state assessments, develop To-Be architectures, and lead transition states and migration strategies at scale.
• Align workplace strategy to business value drivers (productivity, cost, compliance, sustainability, and employee experience).

Solution Design & Governance

• Lead end-to-end solutioning across M365 (Teams, Exchange Online, SharePoint/OneDrive), Intune/UEM, Autopilot/ABM/DEP, GPO to MDM modernization, VDI (Citrix/AVD/VMware), collaboration and meeting rooms, printing, and experience analytics (Nexthink/Lakeside).
• Define security and compliance controls (Conditional Access, Defender, DLP, data residency, encryption, app protection, least privilege), partnering with Security/Privacy/Legal.
• Establish architecture governance, patterns, guardrails, and technical debt management; run design reviews and ensure traceability to requirements and policies.
• Drive standards for packaging, patching, app lifecycle, image-less provisioning, configuration drift management, and endpoint telemetry.

Delivery Leadership & Assurance

• Provide delivery oversight, architectural runway, and risk management across programs and complex work-streams.
• Define KPIs/OKRs (DEX score, login times, crash rates, patch latency, ticket deflection, MTTR, CSAT/eNPS) and ensure continuous experience improvement.
• Champion automation (PowerShell, Graph API, proactive remediations), self-service, and AIOps to reduce TCO and elevate employee experience.
• Guide capacity & performance planning, resiliency, and Business Continuity for critical workplace services.

Stakeholder, Presales & Financials

• Serve as the senior architectural point of contact for CIO/CTO, CISO, HR, Procurement, Facilities, and Betriebsrat (Works Council) partners.
• Lead presales: RFP/RFI/RFQ, solution costing, BoE/BoM, orals, demos/PoCs; articulate business cases and TCO/ROI.
• Support vendor selection and commercial negotiations; oversee license optimization (M365 E3/E5, security add-ons).
• Contribute to portfolio development, thought leadership, and reusable accelerators.

Compliance & Germany-Specific Requirements

• Ensure designs comply with GDPR, BDSG, and data minimization principles; define privacy-by-design in telemetry, DEX tooling, and remote support.
• Engage collaboratively with Works Councils on employee data, monitoring, and change impacts; create transparent DPIAs and Betriebsvereinbarungen where applicable.
• Consider BITV 2.0 accessibility requirements and ArbSchG (occupational safety) in the workplace design and device standards.
• Align identity and device trust with EU data residency and sovereign requirements where relevant., Success Metrics (Illustrative)

• 25% reduction in high-impact incidents / MTTR; >20% improvement in DEX scores within 12 months.

• 30% automation-driven ticket deflection in endpoint support.

• 95%+ patch compliance within SLA; GPO MDM migration completion on plan.
• Positive Works Council outcomes and zero critical audit findings.
• Realized TCO/ROI per business case (license optimization, endpoint standardization, energy savings).

Do you have experience in macOS?, * 12-15+ years in End-User Computing/Digital Workplace with 7+ years in architecture/strategy roles; successful delivery of large enterprise transformations (10k+ endpoints).

• Deep hands-on expertise with:

• Microsoft 365 (Teams, Exchange Online, SharePoint/OneDrive), Entra ID (Azure AD), Conditional Access, Defender suite.
• Endpoint Management/UEM: Microsoft Intune, Autopilot, co-management, Win11 servicing, macOS management (Jamf/Intune), iOS/Android (Intune/ABM/DEP).
• VDI/EUC: Citrix / Azure Virtual Desktop / VMware Horizon (image strategy, profiles, app layering, HDX/FSLogix).
• Automation & Scripting: PowerShell, Graph API, proactive remediations, packaging (Win32/MSIX), CI/CD for workspace configs.
• Experience Analytics/DEX: Nexthink, Lakeside, or equivalent (SLAs/XLAs, sentiment, synthetic tests).

• Strong grasp of Zero Trust for endpoints, identity-driven security, DLP, MAM/APP, encryption, and least-privilege models.
• Proven governance: standards, patterns, risk controls, and audit readiness.
• Presales/Consulting experience: RFPs, solution costing, orals, and C-suite communication.
• Language: Fluent German (C1) and English (written and spoken).
• Ability to travel within Germany/DACH (approx. 20-40%)., * TOGAF, ITIL v4, Microsoft Certified: Cybersecurity Architect / Identity and Access Administrator / Endpoint Administrator / Solutions Architect, Citrix CTA/CCE-V, Nexthink Associate/Professional.
• Exposure to ServiceNow ITSM/ITOM, SCCM/ConfigMgr to Intune transitions, software metering, and license optimization.
• Knowledge of network (Wi-Fi/802.1X/NAC), printing modernization, and meeting room/AV solutions (Teams Rooms).
• Experience with co-determination processes and drafting Works Council agreements for IT/DEX solutions.
• Familiarity with sustainability in EUC (device lifecycle, e-waste, energy management) and FinOps for M365.

Soft Skills & Leadership

• Executive presence; able to translate complex technology into business value and regulatory outcomes.
• Influential stakeholder management with Works Councils, Security, and Compliance teams.
• High ownership, structured thinking, and data-driven decision making.
• Talent development and mentoring of architects/engineers; culture of continuous improvement.

• Competitive compensation with performance incentives, learning budget, and certification support.
• Hybrid working model with modern collaboration tooling.