Data Security Architect, Sr

Texas Children's Medical Center, Houston, TX
5d

About The Position

We’re looking for a Senior Data Security Architect/GRC Analyst, someone who’s ready to grow with our company. The GRC Analyst will play a vital role within Information Security, supporting Texas Children’s governance, risk, and compliance initiatives. This position focuses on identifying and mitigating IT and cybersecurity risks, strengthening internal controls, and ensuring alignment with applicable regulatory, contractual, and industry standards. The analyst will collaborate closely with stakeholders across Information Services, as well as clinical and non-clinical departments, to maintain a strong security posture that protects Texas Children’s systems and sensitive information, ensuring patient care remains uncompromised. This role operates within a healthcare environment that adheres to frameworks and requirements including the NIST Cybersecurity Framework (CSF), HIPAA Security Rule, Texas HHS Information Security Controls, Texas Department of Insurance (TDI) regulations, OPTN security expectations, Joint Commission standards, and Annual Financial Reporting Model Regulation (AFRMR). Think you’ve got what it takes?

Requirements

  • H.S. Diploma or GED
  • 10 years' experience in information security, computer management, identity access management, or IS networking, including at least 5 years of information security experience
  • 3–5 years of experience in GRC, IT audit, information security, or risk management within a regulated industry (healthcare or insurance preferred).
  • Working knowledge of frameworks such as NIST CSF, NIST SP 800-53, HIPAA Security Rule, and state or accreditation-based security standards (e.g., Texas HHS, TDI, Joint Commission).
  • Familiarity with internal controls over financial reporting audit requirements such as SOX, AFRMR (MAR).
  • Understanding of emerging AI governance and compliance considerations, with the ability to recommend appropriate controls to mitigate AI-related risks.
  • Experience using GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust, or similar).
  • Strong understanding of IT and security control domains (access management, configuration management, vulnerability management, incident response, asset protection, etc.).
  • Excellent communication and presentation skills with the ability to translate technical details into business-relevant insights.

Nice To Haves

  • Licenses/Certifications: CISSP - Cert.Info.Sys Security Profes. ISC2
  • SANS - SysAdmin, Audit, Network, Sec. SANS
  • HCISPP – Cert.Info.Sec.Priv.Profes. ISC2
  • Security+ CompTIA
  • CCSP Cert.Cloud.Sec.Profes. ISC2
  • SSCP Sys.Sec.Cert.Profes. ISC2
  • Note: An associate's degree will substitute for 2 years of experience. A bachelor's degree will substitute for 4 years of experience.

Responsibilities

  • Provide guidance on IT and cybersecurity risk-related matters, including identifying, assessing, and prioritizing risks across systems and business processes.
  • Collaborate with business owners, service owners, control owners, and technical teams to design, implement, and maintain risk-mitigating controls that reduce exposure to threats and support organizational compliance objectives.
  • Perform assessments of IT and security controls to verify effectiveness, ensure ongoing compliance, and identify opportunities for improvement.
  • Support the execution and delivery of internal and external assurance activities such as audits, security assessments, certifications, and compliance reviews, ensuring control evidence and documentation are complete and accurate.
  • Track, document, and report gaps, control exceptions, and issues; guide remediation activities and validate resolution to closure.
  • Review and provide input on information security policies, standards, and procedures to ensure continued alignment with applicable laws, regulations, and industry frameworks.
  • Provide advisory support to other GRC workstreams such as vendor risk management and security awareness, ensuring consistent control expectations across the enterprise.
  • Offer guidance on implementing controls to mitigate risks associated with the use of AI technologies, including data privacy, model integrity, and algorithmic transparency, ensuring alignment with internal AI policies and applicable regulatory requirements.
  • Serve as a subject matter expert to various departments and project teams, offering guidance on appropriate security, technical, and privacy controls that safeguard organizational assets and sensitive data.
  • Develop or assist in creating executive-level presentations, reports, and dashboards that communicate cybersecurity performance, risk metrics, and control effectiveness to leadership for strategic decision-making.
  • Utilize enterprise GRC platforms such as ServiceNow GRC to manage risk and compliance workflows; familiarity with Data Loss Prevention (DLP), Data Classification, Shadow IT tools, and other cybersecurity tools is preferred.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

High school or GED

Number of Employees

5,001-10,000 employees
