Job Details

The Data Security Principal Architect will serve as a strategic leader and technical expert within the Cybersecurity organization. This role is responsible for defining, implementing, and governing enterprise-wide data protection frameworks across structured, semi-structured, and unstructured data. The position bridges traditional Microsoft Information Protection tools with modern AI-centric security practices, including encryption for LLM pipelines, secure vector stores, and legacy data remediation. The architect will collaborate with Security Engineering, Data Governance, Cloud Ops, and AI/ML teams to secure data throughout its lifecycle while ensuring compliance with regulatory, legal, and business mandates.

Key Responsibilities

• Define and own the data protection strategy, aligning with regulatory mandates such as NERC, SOX, CCPA, and GDPR
• Architect and deploy Azure Purview for data classification and insider risk management policies
• Lead secure implementation of AI Data Pipelines (RAG, Vector DBs), TDE for SQL workloads, and evaluate FHE and Differential Privacy for AI/LLM pipelines
• Develop strategies for legacy data de-duplication, archiving, and migration, and optimize lifecycle policies
• Implement and manage DLP rules across email, endpoints, cloud storage, and collaboration platforms (Microsoft 365, SharePoint)
• Provide architectural guidance to product teams and AI/ML engineers; author security patterns, threat models, and playbooks
• Evaluate and integrate third-party tools for data discovery, monitoring, and tokenization; drive automation around classification and response
• Define DSPM strategy and architecture
• Develop data incident protocols and playbooks
• Perform other duties as assigned and comply with all policies and standards

Level of Autonomy

• Makes strategic and technical decisions independently within the scope of data security and architecture
• Provides guidance and oversight to product, cloud, and AI/ML teams while influencing enterprise security posture

Job Requirements

Education: Bachelor's Degree in Computer Science, Information Security, or a related field, or equivalent experience.

Experience: 10+ years in information security or data architecture roles; hands‑on experience with Snowflake, Microsoft Defender, DLP tools, Azure Purview, and data engineering oversight; previous experience in utilities or highly regulated industries preferred; experience contributing to LLM security or responsible AI design patterns preferred.

Knowledge, Skills, and Abilities

• Deep understanding of cryptographic primitives and modern data security standards (AES, SHA, TLS) and familiarity with quantum-ready cryptography standards
• Strong experience with structured data protection in data lakes or Azure Synapse
• Knowledge of legacy data cleanup, tape archive migration, and DSPM platforms
• Excellent communication and influencing skills with technical and executive stakeholders
• Ability to assess risk trade‑offs between security, usability, and operational efficiency
• Strong interest in AI safety, responsible data stewardship, and securing sensitive workloads

Certifications (Preferred)

SANS/GIAC, CISSP, or Azure Security certification.