Data Security Principal Architect

Job Title: Data Security Principal Architect

Duration: 1 Year Contract

Location: Allentown, PA (Lehigh Valley) or Providence, RI (Hybrid Role)

Looking for experience with Snowflake, Microsoft Defender, DLP tools, Azure Purview and with a data engineering background that is operating in an oversight role or assisting a larger organization using those tools.

Job Description:

• The client is seeking a highly skilled Data Security Principal Architect to join our Cybersecurity organization.
• The Data Security Principal Architect will serve as a strategic leader and technical expert, responsible for defining and implementing robust data protection frameworks across our digital estate.
• This hybrid role bridges traditional Microsoft Information Protection and compliance tools with modern AI-centric data security practices, including encryption for LLM pipelines, secure vector stores, and legacy data remediation.
• This individual will collaborate closely with Security Engineering, Data Governance, Cloud Ops, and AI/ML teams to secure data throughout its lifecycle.

Responsibilities:

• Define and own the data protection strategy across structured, semi-structured, and unstructured data. Align with regulatory, legal, and business mandates (e.g., NERC, SOX, CCPA, GDPR).
• Architect and deploy Azure Purview for data classification, and insider risk management policies.
• Lead secure implementation of AI Data Pipelines (RAG, Vector DBs), TDE for SQL workloads, and explore applicability of Fully Homomorphic Encryption (FHE) and Differential Privacy (DP) for AI/LLM pipelines.
• Develop strategies for legacy data de-duplication, archiving, and migration. Evaluate long-term retention risk and optimize lifecycle policies.
• Implement and manage DLP rules across email, endpoints, cloud storage, and collaboration platforms (e.g., Microsoft 365, SharePoint).
• Provide architectural guidance to product teams and AI/ML engineers. Author security patterns, threat models, and playbooks.
• Evaluate and integrate third-party tools for data discovery, monitoring, and tokenization. Drive automation around classification and response.
• Define DSPM Strategy and Architecture.
• Define Data Incident Protocol and Playbook.

Qualifications:

• Bachelor’s degree in computer science, Information Security, and/or a related field or an equivalent level of experience on a year-on-year basis.

Required Experience:

• 10 years in information security or date architecture roles.

Preferred Qualifications:

• Previous experience with utilities or highly regulated industries.
• Working knowledge of structured data protection in data lakes or Azure Synapse.
• Experience contributing to LLM security or responsible AI design patterns.
• SANS/GIAC, CISSP, or Azure Security certification.
• Experience with legacy data cleanup initiatives, e.g., tape archive migration.
• Experience with DSPM platform.
• Strong understanding of cryptographic primitives and modern data security standards (AES, SHA, TLS, etc.) as well as an understanding of proposed quantum ready cryptography standards.
• Excellent communication skills and the ability to influence technical and executive stakeholders.
• Demonstrated ability to assess risk trade-offs between security, usability, and operational efficiency.
• Deep interest in AI safety, responsible data stewardship, and future-proofing sensitive workloads.