Staff Cybersecurity Architect - Data Security & Data Loss Prevention

About The Position

Requirements

• Bachelor’s degree in arts/sciences (BA/BS) or equivalent experience – Required
• 8+ years of progressive experience in information technology security/infrastructure engineering/architecture – Required
• 6+ years of data security and data loss prevention control implementation/architecture experience focused on technical control design, implementation, and validation in enterprise environments - Required
• Demonstrated success designing and deploying enterprise data security and data loss prevention technology controls, platforms, and programs – Required
• Deep understanding of industry best practices, ISO 27001/27701, SOC 2 and NIST aligned compliance and security frameworks, particularly as they relate to data protection and DLP – Required
• Strong technical background in data classification, Varonis Data Security, Microsoft Purview, and Microsoft Defender security suite across hybrid on-premise and multi-cloud infrastructure. – Required
• Proven experience supporting audit, regulatory, or certification efforts through technical control implementation and validation – Required
• Ability to map and document complex systems and data flows; advanced analytical and problem-solving skills, including competency with tooling such as Lucid chart, Visio, Excel – Required
• Advanced analytical and problem solving skills with strong attention to detail – Required
• Advanced oral and written communication skills, with a strong ability to work collaboratively to convey technical concepts to engineering, audit, and leadership audiences fostering an outcome focused environment – Required
• Demonstrated capability to analyze, operationalize, and continuously improve security controls and business processes – Required
• Hands on experience automating security controls, validation testing, and evidence collection using scripting, APIs, or SOAR platforms – Required
• Strong understanding of cryptographic controls, certificate‑based authentication, mutual TLS, and their role in zero trust and data protection architectures – Preferred
• Demonstrated experience designing, operating, or modernizing enterprise PKI solutions, including certificate lifecycle management, trust models, and integration with identity and infrastructure platforms – Preferred
• Experience implementing automation for certificate issuance, renewal, revocation, and inventory using native tooling, scripting, APIs, or platform‑integrated services – Preferred
• Proven ability to influence outcomes and drive adoption in a matrixed organization without direct authority – Preferred

Nice To Haves

• Active CIPT, CDPSE, CISSP certification – Preferred
• Additional certifications (e.g., Microsoft SC100/SC400/AZ500, Varonis DSE, CDP, CISA, GIAC, CCSP) – Preferred
• Strong understanding of cryptographic controls, certificate‑based authentication, mutual TLS, and their role in zero trust and data protection architectures – Preferred
• Demonstrated experience designing, operating, or modernizing enterprise PKI solutions, including certificate lifecycle management, trust models, and integration with identity and infrastructure platforms – Preferred
• Experience implementing automation for certificate issuance, renewal, revocation, and inventory using native tooling, scripting, APIs, or platform‑integrated services – Preferred
• Proven ability to influence outcomes and drive adoption in a matrixed organization without direct authority – Preferred

Responsibilities

• Develop, maintain, and evolve enterprise data security and data loss prevention architectures aligned to business objectives, regulatory requirements, and data classification standards.
• Champion the integration of datacentric security controls across endpoint, identity, collaboration, storage, and data platforms, ensuring secure by default and least privilege principles.
• Design and operationalize Microsoft Purview Information Protection and DLP capabilities, including sensitivity labeling, classification, policy enforcement, and user experience considerations.
• Architect and implement Microsoft Defender capabilities (Endpoint, Identity, Office 365, Cloud Apps) to protect data throughout its lifecycle.
• Serve as a senior technical authority for data security and DLP across Windows, macOS, Windows Server, and Linux environments, ensuring consistent enforcement across heterogeneous platforms.
• Integrate Microsoft Security capabilities with complementary platforms such as Varonis Data Security to provide comprehensive data protection.
• Author and maintain data security and DLP standards, reference architectures, and technical guardrails aligned to NIST and internal security frameworks.
• Convert business risks and regulatory obligations into technical requirements and traceable, measurable mitigation strategies.
• Evaluate new platforms, tools, and vendors for strategic fit, security posture, and architectural impact.
• Provide technical leadership, mentorship, and escalation support for complex data security and DLP challenges.
• Communicate control posture, risks, and recommendations clearly to engineering, audit, and leadership stakeholders.
• Continuously assess and improve data security posture through metrics, dashboards, and control validation.
• Collaborate with PKI teams to manage certificate lifecycle operations, including issuance, renewal, revocation, and inventory.
• Perform other duties as assigned.

Benefits

• RGA also maintains a full range of health, retirement, and other employee benefits.