Staff Cybersecurity Architect - Data Security & Data Loss Prevention

The Staff Cybersecurity Architect – Data Security & Data Loss Prevention is a senior technical leader responsible for designing, implementing, validating, and continuously measuring enterprise data security posture, data protection controls, and reference architectures. This role ensures data protection controls are embedded throughout endpoint, identity, collaboration, storage, data platforms and cryptographic trust services, applying secure by design and zero trust principles across multi-cloud, SaaS, and on premises environments. 

The Data Security & Data Loss Prevention architect operates at the intersection of architecture, engineering, and audit readiness, proactively translating regulatory and business risk into deployable, testable, and measurable controls. The architect will champion controls that are not only well designed but operationalized, continuously validated, and demonstrably effective. Through close collaboration with platform stakeholders and service owners, the role advances the organization’s data protection maturity while enabling scalable, audit ready defenses. 

Principle Duties 

• Develop, maintain, and evolve enterprise data security and data loss prevention architectures aligned to business objectives, regulatory requirements, and data classification standards. 

• Champion the integration of datacentric security controls across endpoint, identity, collaboration, storage, and data platforms, ensuring secure by default and least privilege principles. 

• Design and operationalize Microsoft Purview Information Protection and DLP capabilities, including sensitivity labeling, classification, policy enforcement, and user experience considerations. 

• Architect and implement Microsoft Defender capabilities (Endpoint, Identity, Office 365, Cloud Apps) to protect data throughout its lifecycle. 

• Serve as a senior technical authority for data security and DLP across Windows, macOS, Windows Server, and Linux environments, ensuring consistent enforcement across heterogeneous platforms. 

• Integrate Microsoft Security capabilities with complementary platforms such as Varonis Data Security to provide comprehensive data protection. 

• Author and maintain data security and DLP standards, reference architectures, and technical guardrails aligned to NIST and internal security frameworks. 

• Convert business risks and regulatory obligations into technical requirements and traceable, measurable mitigation strategies. 

• Evaluate new platforms, tools, and vendors for strategic fit, security posture, and architectural impact. 

• Provide technical leadership, mentorship, and escalation support for complex data security and DLP challenges. 

• Communicate control posture, risks, and recommendations clearly to engineering, audit, and leadership stakeholders. 

• Continuously assess and improve data security posture through metrics, dashboards, and control validation. 

• Collaborate with PKI teams to manage certificate lifecycle operations, including issuance, renewal, revocation, and inventory. 

• Perform other duties as assigned. 

Education 

• Bachelor’s degree in arts/sciences (BA/BS) or equivalent experience – Required 

• Active CIPT, CDPSE, CISSP certification – Preferred 

• Additional certifications (e.g., Microsoft SC100/SC400/AZ500, Varonis DSE,  CDP, CISA, GIAC, CCSP) – Preferred 

Work Experience

• 8+ years of progressive experience in information technology security/infrastructure engineering/architecture – Required 

• 6+ years of data security and data loss prevention control implementation/architecture experience focused on technical control design, implementation, and validation in enterprise environments - Required 

• Demonstrated success designing and deploying enterprise data security and data loss prevention technology controls, platforms, and programs – Required 

• Deep understanding of industry best practices, ISO 27001/27701, SOC 2 and NIST aligned compliance and security frameworks, particularly as they relate to data protection and DLP – Required 

• Strong technical background in data classification, Varonis Data Security, Microsoft Purview, and Microsoft Defender security suite across hybrid on-premise and multi-cloud infrastructure. – Required 

• Proven experience supporting audit, regulatory, or certification efforts through technical control implementation and validation – Required 

• Ability to map and document complex systems and data flows; advanced analytical and problem-solving skills, including competency with tooling such as Lucid chart, Visio, Excel – Required 

• Advanced analytical and problem solving skills with strong attention to detail – Required 

• Advanced oral and written communication skills, with a strong ability to work collaboratively to convey technical concepts to engineering, audit, and leadership audiences fostering an outcome focused environment – Required 

• Demonstrated capability to analyze, operationalize, and continuously improve security controls and business processes – Required 

• Hands on experience automating security controls, validation testing, and evidence collection using scripting, APIs, or SOAR platforms – Required 

• Strong understanding of cryptographic controls, certificate‑based authentication, mutual TLS, and their role in zero trust and data protection architectures – Preferred 

• Demonstrated experience designing, operating, or modernizing enterprise PKI solutions, including certificate lifecycle management, trust models, and integration with identity and infrastructure platforms – Preferred 

• Experience implementing automation for certificate issuance, renewal, revocation, and inventory using native tooling, scripting, APIs, or platform‑integrated services – Preferred 

• Proven ability to influence outcomes and drive adoption in a matrixed organization without direct authority – Preferred 

#LI-CW1

#LI-Remote