Data Security Architect (Remote)

About The Position

Requirements

• 6–10 years of progressive experience in Information Security, Data Security, Security Architecture, or related technical roles, with demonstrated ownership of data-centric security programs or initiatives.
• Deep knowledge of data security architecture principles, including data classification, access governance, encryption, tokenization, masking, and data loss prevention across hybrid environments spanning on-premises data centers and multi-cloud platforms.
• Hands-on experience with enterprise-scale cloud data platforms (such as Snowflake, Databricks, or equivalent), with the ability to design and assess security controls including governance, access policy, and data sharing frameworks.
• Experience with cloud environments (Microsoft Azure and/or Amazon AWS), including securing data services across IaaS, PaaS, and cloud-native analytical platforms.
• Experience evaluating or deploying DSPM, data governance, or data classification platforms such as Varonis, Securiti, Cyera, Microsoft Purview, BigID, or equivalent.
• Working knowledge of IAM and access governance principles as applied to data platforms, including RBAC, ABAC, and entitlement management across analytical and operational environments.
• Experience conducting security architecture reviews in complex, heterogeneous data environments, including post-M&A assessments, legacy platform migrations, or on-premises data center programs.
• Strong understanding of regulatory frameworks governing sensitive data, including HIPAA/HITECH, GDPR, CCPA, and GxP, with the ability to translate regulatory requirements into architectural controls across a diverse platform estate.
• Foundational to intermediate knowledge of AI and ML security considerations, including LLM application risks, model pipeline security, and the data protection implications of AI features embedded in or connected to enterprise data platforms.
• Demonstrated ability to operate at the intersection of security and data platform teams, communicating architecture decisions to data engineers, platform architects, business data owners, and senior stakeholders.
• Strong written and verbal communication skills, including experience producing architecture documentation, security standards, and executive-level reporting for senior leadership and governance forums.

Nice To Haves

• Experience within regulated industries — life sciences, healthcare, or financial services — with direct exposure to clinical, patient-level, or pharmaceutical data security requirements is preferred.
• Bachelor’s degree in Computer Science, Information Security, Data Management, or equivalent practical experience is preferred.
• Relevant certifications such as CISSP, CISM, CDPSE, CCSP, AWS/Azure Security Specialty, or CIPP/E are preferred but not mandatory.
• Working knowledge of data governance and security frameworks such as NIST Privacy Framework, DAMA-DMBOK, ISO 27001, or similar is an advantage.

Responsibilities

• Define and own IQVIA’s Data Security Architecture strategy, establishing a formal program from the ground up that is aligned to IQVIA’s hybrid, multi-cloud, and post-M&A data environment and the Data Office’s strategic platform direction.
• Lead the evaluation, selection, and implementation of a Data Security Posture Management (DSPM) platform, encompassing sensitive data discovery, classification, exposure analysis, access risk assessment, and continuous posture monitoring across on-premises and cloud-hosted data environments.
• Develop and maintain a comprehensive data security architecture covering data classification frameworks, data access governance, encryption standards, tokenization, masking, and data loss prevention controls across structured and unstructured data at scale.
• Partner closely with the Data Office to align data security architecture with enterprise data governance and platform strategy, ensuring security controls are embedded in data lifecycle management across analytical, operational, and AI workloads.
• Define security architecture standards and guardrails for IQVIA’s strategic data platforms, including cloud-native analytical environments (Snowflake, Databricks), data movement and transformation tooling, and operational database platforms, ensuring consistent security posture across a diverse and evolving estate.
• Provide data security architecture input and oversight for platform migrations, legacy system decommissions, and M&A integration programs — assessing inherited data estates for sensitive data exposure, access control gaps, and regulatory risk, and defining remediation roadmaps aligned to integration timelines.
• Define IQVIA’s data security approach for AI and LLM-integrated platforms, establishing policy and technical controls governing the safe use of AI capabilities embedded in or connected to data platforms, including controls around data inputs, model outputs, and prevention of regulated data exposure in AI workflows.
• Architect data security controls for advanced analytics and AI/ML pipelines, including protection of training datasets, model pipeline integrity, RAG data source governance, and controls preventing unauthorized use of sensitive data in AI-connected systems.
• Develop and govern IQVIA’s enterprise data classification taxonomy and policy framework, working with Legal, Privacy, Compliance, and business data owners to define classification tiers, handling requirements, and technical enforcement mechanisms across business units and regions.
• Establish data access governance principles across IQVIA’s data platforms, including least-privilege access models, periodic entitlement reviews, and integration with IAM and PAM controls at the data tier.
• Define encryption and key management architecture for data at rest and in transit across on-premises databases, cloud storage, data warehouses, and analytical environments, with particular attention to PHI and cross-border data transfer requirements.
• Provide security architecture input to data platform vendor evaluations and contract negotiations, ensuring security requirements, data-use restrictions, telemetry controls, and audit rights are appropriately represented.
• Support regulatory compliance requirements across GDPR, HIPAA, CCPA, GxP, and applicable regional data protection regimes, translating regulatory obligations into architectural controls and providing assurance evidence for audits and assessments.
• Define metrics, KPIs, and reporting frameworks for data security posture, providing actionable visibility to CISO leadership and Data Office stakeholders on data risk, program coverage, and maturity progression.

Benefits

• The potential base pay range for this role, when annualized, is $112,200.00 - $312,700.00.
• Dependent on the position offered, incentive plans, bonuses, and/or other forms of compensation may be offered, in addition to a range of health and welfare and/or other benefits.