Data Security Architect

Role: Data Security Architect (Enterprise Architect) Location: Remote that can travel one week a month to Deerfield Beach, FL (Expenses paid in full) Duration: Long Term on W2 Position Summary: We are seeking a Data Security Architect to lead the design and implementation of enterprise-wide data protection and governance frameworks across cloud and AI platforms. This role will focus on data security strategy, architecture, and compliance to protect sensitive information across Azure, AWS, and hybrid environments, while ensuring integration with IAM, PAM, and AI security controls. The ideal candidate will bring deep expertise in data encryption, governance, classification, and lifecycle management in regulated, large-scale enterprises. Key Responsibilities: • Data Security Architecture & Strategy • Define and implement data protection frameworks across AI, cloud, and enterprise systems. • Architect end-to-end encryption solutions for data in transit, at rest, and in use. • Ensure Zero Trust data access principles across multi-cloud and hybrid environments. • Data Governance & Compliance • Establish policies for data classification, labeling, retention, and lifecycle management. • Integrate governance tools (e.g., Microsoft Purview, AWS Macie) for enterprise-wide visibility. • Align security controls with compliance standards: NIST, ISO 27001, GDPR, HIPAA, CCPA, PCI-DSS. • Integration with Cloud & IAM Security • Partner with IAM Architects to enforce role-based and attribute-based access controls. • Integrate PAM solutions (CyberArk, Azure PIM) for sensitive data access. • Collaborate with Cloud Security Architects on secure data storage, transfer, and DR/HA strategies. • AI/ML Data Protection • Secure training data, inference pipelines, and AI models against poisoning, leakage, and adversarial attacks. • Define data anonymization, masking, and differential privacy techniques for AI workloads. • Work with AI teams to ensure ethical and compliant use of data in LLMs and cognitive services. • Monitoring, Risk, and Incident Response • Implement data loss prevention (DLP) controls across SaaS, IaaS, and PaaS environments. • Design monitoring dashboards using SIEM/SOAR platforms (Azure Sentinel, Splunk, AWS GuardDuty). • Perform risk assessments, threat modeling, and data security audits. • Support incident response for data breaches and coordinate forensic investigations. Required Qualifications: • 10+ years in data security, cloud security, or enterprise security architecture. • Deep expertise in Azure (Purview, Defender for Cloud, Key Vault, Synapse, Data Lake) and AWS (Macie, KMS, Lake Formation, GuardDuty). • Strong knowledge of data encryption, tokenization, key management (KMS/HSMs). • Proven experience in data governance, regulatory compliance, and risk management. • Hands-on experience with IAM/PAM integration for data-centric security. • Familiarity with AI/ML data protection, privacy-preserving techniques, and secure MLOps. • Strong scripting and automation skills (Python, PowerShell, Terraform, Bicep). • Excellent leadership, communication, and stakeholder management skills. Preferred Qualifications: • Certifications: CISSP, CCSP, CISM, CISA, Microsoft Certified: Azure Security Engineer, AWS Security Specialty. • Experience with data-centric security in AI and large-scale cloud environments. • Familiarity with NIST AI RMF, ISO/IEC 23894, MITRE ATLAS. • Prior experience working with enterprises >5,000 employees in regulated industries (finance, healthcare, government).