Data Security Architect

Job Description

Position: Data Security Architect

Location: Ashburn VA ( Remote)

Duration: 6 months Contract extension

Interview Process: 2 interviews

Must HAVES:

• Microsoft Azure Purview and Defender for Cloud to include using Purview information barriers with SharePoint Online
• Informatica Cloud Data Governance & Catalog
• ServiceNow Vault data protection services
• Varonis Big ID and other recognized leading solutions

Keys/notes

• Hybrid Azure environment
• Servicenow
• Data integrations with databricks
• Will work on designing/ implementing new security architecture
• Data governance

Architect in the Office of Data Security and Technology (ODST) located in Ashburn Virginia office.

Key objectives critical to success:

• This is a handson position that requires previous experience with architecting integrating and implementing a data/information inventory classification and protection solutions/products and technology. Infrastructure considerations that the solution will need to account for include:
• Onpremises (hosted within datacenters and operations in regional offices)
• Cloud (IaaS/PaaS and SaaS) Azure and ServiceNow environments
• Analytics services (Azure Databricks and Power BI)
• Remote workforce
• With highly technical handson expertise inventorying both structured and unstructured enterprise data/information applying sensitivity classifications and building data protection capabilities. The ideal candidate will have proven experience architecting designing implementing and maintaining a comprehensive security architecture/framework to protect sensitive data/information and secrets across an organization.
• The successful candidate will be responsible for driving the data/information protection architecture practices and patterns to ensure that projects software and services meet defined PCAOB standards and regulatory requirements. Additionally the successful candidate will be expected to demonstrate relevant experience dealing with complex data/information protection challenges and serve as trusted advisor to the broader technology functions and business lines.

Responsibilities

• Evaluate the existing data/information governance (Inventory Classification and Protection) toolsets and technical capabilities to meet the PCAOBs defined current and emerging requirements.
• Investigate environment to understand business needs and technical constraints
• Recommend initial and subsequent iterative improvements to technology environment and processes
• Create and maintain a trusted partnership with business owners to understand and document use cases that can be leveraged and are represented in delivered architectural artifacts
• Architect and build a data/information protection program that addressed the following key tenants across the operated and/or managed on premises and Cloud environments:
• Data/information (structured and unstructured) inventory and catalog creation
• Classification and labeling in accordance with defined requirements and classification schema
• Automation of data/information protection control workflows access authorization flow control (both internal and external) and key management solutions and patterns to protect sensitive data/information and secrets
• Monitoring and reporting a single pane of glass for data owners to sustain the data protection program
• Document data/information technical security control objective design implementation and maintenance/sustainment (user manuals diagrams).
• Develop strategies and roadmaps for data/information security capabilities using technologies such as Data Loss Prevention Data Encryption/Tokenization/Masking Endpoint and Network Data Controls and Data Lifecycle Management.
• Provide guidance and technical leadership to project teams to ensure data/information security requirements are properly integrated into software development and infrastructure projects.
• Partner and collaborate with crossfunctional teams to identify and address data/information security risks across the organization.

Qualifications Required:

• Established Senior Data Protection Architect with at least 10 years within the broader Cyber Security disciplines and technologies.
• At least 5 years of handson experience in the architecting design and implementation of technical solutions providing data/information inventory classification and protection capabilities.
• Data labeling/tagging (structured and unstructured information/data)
• Access and Flow control integration and workflow automation:
• Cloud Access Security Broker
• Content Filtering
• Encryption/Tokenization/Obfuscation/Masking
• Rights Management
• Database (SQL and NonSQL) Email Endpoint Security User Entity Behavior Analytics (UEBA)
• Logging monitoring and reporting
• Handson experience with data/information inventory classification and protection solutions within the following environments:
• Onpremises MS SQL databases
• Cloud (IaaS/PaaS and SaaS) with primary focus on Azure analytics services (Azure Databricks and Power BI) and ServiceNow environments
• Handson subject matter expertise with data cataloging and protection tools and technologies such as the following:
• Microsoft Azure Purview and Defender for Cloud to include using Purview information barriers with SharePoint Online
• Informatica Cloud Data Governance & Catalog
• ServiceNow Vault data protection services
• Varonis Big ID and other recognized leading solutions.
• Experience developing requirements and models for the futurestate current state and gaps in data inventory classification and protection capabilities and controls (preventive detective and corrective).
• Data security architecture experience applying enterprise architecture principles and methods in supporting IT programs and projects.
• Demonstrable understanding of security solutions and designs from the view of people process and technology.
• Strong knowledge of encryption standards and technologies such as AES RSA and PKI.
• Knowledge and experience implementing established information security frameworks and standards (i.e. NIST CSF NIST 80053 and ISO 2700x) and their application into diverse environments
• Knowledge of laws like GDPR HIPAA or CCPA which govern how personal data is collected stored and shared.
• Ability to articulate technical security gaps in terms of business risk
• Cyber Security related qualification (s) such as CISSPISSAP CCSP GDSA CRTSA CDPSE CISM
• Data Certifications: Azure Data Engineer Associate Associate Big Data Engineer Senior Big Data Engineer