Location: Stuttgart
Department:
Digital Workplace / End‑User Computing (EUC)
Reports to:
Director / Head of Digital Workplace Architecture
Employment Type:
Full‑time
Role Summary
We are seeking a strategic and hands‑on
Digital Workplace Architect (d/f/m)
to shape, lead, and govern enterprise‑scale workplace transformations across Germany and the wider DACH region. You will define target architectures, lead complex solution designs (M365, Intune/UEM, Windows/macOS, mobile, VDI, collaboration, experience analytics), and partner with business, security, and works councils to deliver a secure, compliant, high‑performing digital employee experience. This role combines
enterprise architecture leadership, presales/orals
, solution governance, and
delivery assurance
with a strong focus on
Zero Trust, automation, and measurable experience outcomes
.
Key Responsibilities
Architecture & Strategy
* Own the
Digital Workplace target architecture
and multi‑year roadmap (Windows 11, macOS, iOS/iPadOS, Android; physical/virtual endpoints; on‑prem/cloud services).
* Define
reference architectures
, blueprints, standards, and patterns (e.g., Zero Trust endpoint posture, identity‑first access, modern management, AI‑powered support).
* Perform current‑state assessments, develop
To‑Be
architectures, and lead
transition states
and migration strategies at scale.
* Align workplace strategy to business value drivers (productivity, cost, compliance, sustainability, and employee experience).
Solution Design & Governance
* Lead end‑to‑end
solutioning
across M365 (Teams, Exchange Online, SharePoint/OneDrive),
Intune/UEM
,
Autopilot/ABM/DEP
,
GPO to MDM
modernization,
VDI
(Citrix/AVD/VMware), collaboration and meeting rooms, printing, and
experience analytics
(Nexthink/Lakeside).
* Define
security
and
compliance
controls (Conditional Access, Defender, DLP, data residency, encryption, app protection, least privilege), partnering with Security/Privacy/Legal.
* Establish architecture governance, patterns,
guardrails
, and
technical debt
management; run design reviews and ensure
traceability
to requirements and policies.
* Drive
standards
for packaging, patching, app lifecycle, image‑less provisioning, configuration drift management, and endpoint telemetry.
Delivery Leadership & Assurance
* Provide
delivery oversight
, architectural runway, and risk management across programs and complex work‑streams.
* Define
KPIs/OKRs
(DEX score, login times, crash rates, patch latency, ticket deflection, MTTR, CSAT/eNPS) and ensure continuous experience improvement.
* Champion
automation
(PowerShell, Graph API, proactive remediations), self‑service, and
AIOps
to reduce TCO and elevate employee experience.
* Guide
capacity & performance planning
,
resiliency
, and
Business Continuity
for critical workplace services.
Stakeholder, Presales & Financials
* Serve as the senior
architectural point of contact
for CIO/CTO, CISO, HR, Procurement, Facilities, and
Betriebsrat (Works Council)
partners.
* Lead presales:
RFP/RFI/RFQ
, solution costing, BoE/BoM,
orals
, demos/PoCs; articulate business cases and
TCO/ROI
.
* Support
vendor selection
and commercial negotiations; oversee license optimization (M365 E3/E5, security add‑ons).
* Contribute to portfolio development, thought leadership, and
reusable accelerators
.
Compliance & Germany‑Specific Requirements
* Ensure designs comply with
GDPR
,
BDSG
, and data minimization principles; define
privacy‑by‑design
in telemetry, DEX tooling, and remote support.
* Engage collaboratively with
Works Councils
on employee data, monitoring, and change impacts; create transparent DPIAs and Betriebsvereinbarungen where applicable.
* Consider
BITV 2.0
accessibility requirements and
ArbSchG
(occupational safety) in the workplace design and device standards.
* Align identity and device trust with
EU data residency
and sovereign requirements where relevant.
Required Qualifications & Experience
* 12–15+ years
in End‑User Computing/Digital Workplace with
7+ years
in architecture/strategy roles; successful delivery of
large enterprise
transformations (10k+ endpoints).
* Deep hands‑on expertise with:
* Microsoft 365
(Teams, Exchange Online, SharePoint/OneDrive),
Entra ID (Azure AD)
,
Conditional Access
,
Defender
suite.
* Endpoint Management/UEM
: Microsoft
Intune
, Autopilot, co‑management, Win11 servicing, macOS management (Jamf/Intune), iOS/Android (Intune/ABM/DEP).
* VDI/EUC
:
Citrix
/
Azure Virtual Desktop
/ VMware Horizon (image strategy, profiles, app layering, HDX/FSLogix).
* Automation & Scripting
:
PowerShell
, Graph API, proactive remediations, packaging (Win32/MSIX), CI/CD for workspace configs.
* Experience Analytics/DEX
: Nexthink, Lakeside, or equivalent (SLAs/XLAs, sentiment, synthetic tests).
* Strong grasp of
Zero Trust
for endpoints, identity‑driven security, DLP, MAM/APP, encryption, and
least‑privilege
models.
* Proven
governance
: standards, patterns, risk controls, and audit readiness.
* Presales/Consulting
experience: RFPs, solution costing, orals, and C‑suite communication.
* Language:
Fluent
German (C1)
and
English
(written and spoken).
* Ability to travel within
Germany/DACH
(approx. 20–40%).
Preferred Qualifications
* TOGAF
,
ITIL v4
,
Microsoft Certified: Cybersecurity Architect / Identity and Access Administrator / Endpoint Administrator / Solutions Architect
,
Citrix CTA/CCE‑V
,
Nexthink Associate/Professional
.
* Exposure to
ServiceNow ITSM/ITOM
,
SCCM/ConfigMgr to Intune
transitions, software metering, and license optimization.
* Knowledge of
network
(Wi‑Fi/802.1X/NAC),
printing modernization
, and
meeting room/AV
solutions (Teams Rooms).
* Experience with
co‑determination
processes and drafting
Works Council agreements
for IT/DEX solutions.
* Familiarity with
sustainability
in EUC (device lifecycle, e‑waste, energy management) and
FinOps
for M365.
Soft Skills & Leadership
* Executive presence; able to
translate
complex technology into business value and regulatory outcomes.
* Influential stakeholder management with
Works Councils
, Security, and Compliance teams.
* High ownership, structured thinking, and
data‑driven decision making
.
* Talent development and
mentoring
of architects/engineers; culture of continuous improvement.
Success Metrics (Illustrative)
* >25% reduction
in high‑impact incidents / MTTR;
>20% improvement
in DEX scores within 12 months.
* >30% automation‑driven
ticket deflection in endpoint support.
* 95%+
patch compliance within SLA;
GPO→MDM
migration completion on plan.
* Positive Works Council outcomes and
zero critical audit findings
.
* Realized
TCO/ROI
per business case (license optimization, endpoint standardization, energy savings).
What We Offer
* Opportunity to lead
industry‑defining
workplace transformations across DACH.
* Autonomy to set
architecture vision
and invest in accelerators/automation.
* Competitive compensation with performance incentives, learning budget, and certification support.
* Hybrid working model with modern collaboration tooling.
Equal Opportunity
We are an equal opportunity employer. All qualified applicants will be considered without regard to gender, age, disability, ethnic origin, religion or belief, sexual orientation, or identity. We welcome applications from candidates with disabilities. (m/f/d)