Evaluate the existing data/information governance (Inventory, Classification and Protection) toolsets and technical capabilities to meet the PCAOB’s defined current and emerging requirements.
Investigate environment to understand business needs and technical constraints
Recommend initial and subsequent iterative improvements to technology environment and processes
Create and maintain a trusted partnership with business owners to understand and document use cases that can be leveraged and are represented in delivered architectural artifacts
Architect and build a data/information protection program that addresses the following key tenets across the operated and/or managed on-premises and cloud environments:
Data/information (structured and unstructured) inventory and catalog creation
Classification and labeling in accordance with defined requirements and classification schema
Automation of data/information protection control workflows - access authorization, flow control (both internal and external) and key management solutions and patterns to protect sensitive data/information and secrets
Monitoring and reporting - a single pane of glass for data owners to sustain the data protection program
Document data/information technical security control objective, design, implementation, and maintenance/sustainment (user manuals, diagrams).
Develop strategies and roadmaps for data/information security capabilities using technologies such as Data Loss Prevention, Data Encryption/Tokenization/Masking, Endpoint and Network Data Controls, and Data Lifecycle Management.
Provide guidance and technical leadership to project teams to ensure data/information security requirements are properly integrated into software development and infrastructure projects.
Partner and collaborate with cross-functional teams to identify and address data/information security risks across the organization.
Qualifications Required:
Established Senior Data Protection Architect with at least 10 years within the broader Cyber Security disciplines and technologies.
At least 5 years of hands-on experience in the architecting, design and implementation of technical solutions providing data/information inventory, classification and protection capabilities.
Data labeling/tagging (structured and unstructured information/data)
Access and Flow control integration and workflow automation:
Cloud Access Security Broker
Content Filtering
Encryption/Tokenization/Obfuscation/Masking
Rights Management
Database (SQL and Non-SQL), Email, Endpoint Security, User Entity Behavior Analytics (UEBA)
Logging, monitoring and reporting
Hands-on experience with data/information inventory, classification and protection solutions within the following environments:
On-premises MS SQL databases
Cloud (IaaS/PaaS and SaaS) with primary focus on Azure, analytics services (Azure Databricks and Power BI) and ServiceNow environments
Hands-on subject matter expertise with data cataloging and protection tools and technologies, such as the following:
Microsoft Azure Purview and Defender for Cloud to include using Purview information barriers with SharePoint Online
Informatica Cloud Data Governance & Catalog
ServiceNow Vault data protection services
Varonis, BigID and other recognized leading solutions.
Experience developing requirements and models for the future-state, current state and gaps in data inventory, classification and protection capabilities and controls (preventive, detective and corrective).
Data security architecture experience applying enterprise architecture principles and methods in supporting IT programs and projects.
Demonstrable understanding of security solutions and designs from the view of people, process and technology.
Strong knowledge of encryption standards and technologies, such as AES, RSA, and PKI.
Knowledge and experience implementing established information security frameworks and standards (i.e. NIST CSF, NIST 800-53 and ISO 2700x) and their application into diverse environments
Knowledge of laws like GDPR, HIPAA, or CCPA, which govern how personal data is collected, stored, and shared.
Ability to articulate technical security gaps in terms of business risk
Cyber Security related qualification(s) such as CISSP-ISSAP, CCSP, GDSA, CRTSA, CDPSE, CISM
Data Certifications: Azure Data Engineer Associate, Associate Big Data Engineer, Senior Big Data Engineer