Identity and Data Security Architect

Aqueduct Technologies Inc., Canton, MA
About The Position

Aqueduct Technologies is seeking an Identity and Data Security Architect to serve as a senior, customer-facing technical architect responsible for designing, enforcing, and operationalizing identity- and data-centric security controls that govern access to sensitive data across hybrid and cloud environments. This is an architect-level, player/coach role with a strong hands-on bias. Operating above the infrastructure and network layers, you will focus on how human and non-human identities interact with data, applications, APIs, and AI systems. You will translate business risk, regulatory requirements, and governance policy into enforceable technical controls which you design, deploy, and optimize. In short, you will make who can access what enforceable everywhere.

Requirements

  • 6+ years of progressive experience in identity, data security, or access governance roles, ideally within consulting, professional services, or complex enterprise environments
  • Demonstrated ability to own outcomes end-to-end, from strategy through hands-on implementation
  • Hands-on experience deploying and operationalizing DSPM platforms (Cyera, Laminar) as a core security control
  • Strong experience with IAM and IGA platforms such as Entra ID and Okta, including access governance and enforcement
  • Practical experience using tools such as Cyera, Laminar, BigID and Varonis to perform data discovery, classification, masking, DSPM, and DLP
  • Solid understanding of identity-based API authentication and authorization
  • Understanding of modern cloud, data platforms, and identity-aware application architectures
  • Working knowledge of incident response, business impact analysis, and BC/DR concepts as they relate to identity and data access
  • Strong customer-facing communication skills, comfortable with engineers and executive stakeholders
  • Note: Experience focused primarily on network security or secure service edge platforms without meaningful exposure to data discovery and access governance is unlikely to be sufficient for this role.

Nice To Haves

  • CISSP or CCSP
  • Microsoft SC-100 (Cybersecurity Architect Expert)
  • Okta Consultant or Administrator certification, or equivalent IAM certification

Responsibilities

  • Data Visibility & Posture Management: Lead DSPM-led data discovery and posture management deployments across cloud, SaaS, and data platforms
  • Lead discovery engagements to identify where sensitive data resides, how it is accessed, and where controls break down
  • Translate findings into prioritized technical roadmaps aligned to business impact and cyber risk
  • Identity & Access Architecture: Own the data access control plane and operate alongside secure access and network security architectures
  • Design controls that govern who can access sensitive data independent of how or where users connect, including SaaS, APIs, and AI workloads
  • Define access models for human users, service accounts, and application and API workloads
  • Implement conditional access, lifecycle governance, and identity controls tied directly to data sensitivity
  • IAM / IGA Platform Architecture & Configuration: Architect and configure IAM and IGA platforms such as Microsoft Entra ID and Okta
  • Personally architect, configure, and validate identity and data security platforms
  • Enforcement & Data Controls: Translate DSPM findings into enforcement actions, including entitlement reduction, access governance changes, DLP and browser-based control updates, and API access restrictions
  • Design and enforce DLP strategies for data at rest and data in transit, aligned to classification and identity context
  • Implement browser- and endpoint-based data controls using secure access technologies as appropriate
  • Architect API and non-human identity security models using identity-based authentication and authorization
  • Reduce risk from token misuse, over-privileged APIs, long-lived secrets, and lateral data movement
  • Data Platform Security: Secure data lakes, warehouses, and lakehouses using identity-aware access, classification, and policy enforcement
  • AI / ML & LLM Workload Security: Design controls governing access to data used in analytics, AI/ML, and LLM-enabled workloads
  • Address AI-specific risks including data leakage, unauthorized access, and model abuse
  • Delivery Leadership & Solution Quality: Act as a player and coach on larger engagements, providing design leadership while contributing directly to execution
  • Ensure solutions are functional, testable, and enforceable
  • Resilience, Incident Readiness & Recovery: Design identity and data access controls that function during incidents, recovery events, and degraded operating states
  • Align architectures with incident response, cyber recovery, and BC/DR plans
  • Internal Standards & Presales Support: Develop internal reference architectures, patterns, and delivery standards for identity and data access security
  • Support presales and solution shaping by articulating clear, outcome-based security approaches