Stand up and own the Azure landing zone: subscriptions, resource organisation, networking (private endpoints, VNets), and the Malaysia West region setup for in-country data residency.
Identity & access.
Own identity and access end-to-end: Entra ID for SSO with the JCG group, role-based access control, MFA, conditional access, and break-glass procedures.
CI/CD & IaC
Build and run CI/CD (Azure DevOps or GitHub Actions) and infrastructure-as-code (Bicep or Terraform) so every environment — dev, test, staging, production — is reproducible and promotion is controlled.
Security
Implement the security posture:Microsoft Defender for Cloud, Azure Policy, Key Vault for secrets, data classification, encryption, and the immutable audit trail the platform's governance and regulatory requirements depend on.
Sovereignty
Ensure confidential data and AI workloads never leave the approved in-...