More jobs:
Data Security Architect
Job in
Concord, Merrimack County, New Hampshire, 03306, USA
Listed on 2026-07-08
Listing for:
IDEXX
Full Time
position Listed on 2026-07-08
Job specializations:
-
IT/Tech
Data Security, Cybersecurity, Cloud Computing: Infrastructure & Operations, Data Engineering
Job Description & How to Apply Below
The Data Security Architect is responsible for defining the enterprise architecture, control patterns, and design standards for protecting sensitive data across IDEXX’s platforms, including Snowflake, Databricks, M365, Box, and cloud applications (AWS-first). This role ensures that data security capabilities—such as DSPM, DLP, and data platform controls—are designed correctly, integrated across systems, and scalable, enabling consistent protection of sensitive data across the enterprise.
This is a design and architecture leadership role, focused on the “how” of data protection, not day-to-day program execution or tool operations.
- Data Security Architecture & Design
- Define the enterprise data security architecture, including:
- Data discovery and classification (DSPM integration)
- DLP/CASB control strategy (M365, Box, endpoint)
- Data platform security controls (Snowflake, Databricks)
- Application/API data protection patterns (cloud-first)
- Establish standard control patterns, including:
- Data classification and tagging models
- Encryption, tokenization, and masking strategies
- Data access control models (RBAC, ABAC, RLS)
- Data movement and sharing controls
- Ensure consistency and scalability of data protection across SaaS, cloud, and application environments
- Define the enterprise data security architecture, including:
- Platform Integration & Control Alignment
- Design and drive integration across:
- Snowflake and Alation (data catalog and ownership mapping)
- Entra (identity-driven access controls and policy enforcement)
- M365 and Box (data loss prevention and collaboration controls)
- Cloud environments (AWS, Azure, GCP)
- Ensure alignment between:
- DSPM findings
- DLP policies
- Data platform controls
- Translate data risk insights into technical control implementation requirements
- Design and drive integration across:
- Reference Architecture & Engineering Enablement
- Develop and maintain a Data Security Reference Architecture
- Define secure design patterns and implementation guidance for:
- Data engineering teams
- Application development teams
- Cloud platform teams
- Enable engineering teams to embed data protection into systems and workflows, rather than relying solely on downstream tooling
- Collaboration with Program & Engineering Teams
- Partner with:
- Data Security Program Lead (execution and governance)
- Data Security Engineering Lead (implementation delivery)
- Cyber Defense / SOC teams (operational integration)
- Provide architectural direction and design input while ensuring:
- Execution teams can implement effectively
- Controls remain aligned to risk priorities
- Partner with:
- Standards, Governance & Continuous Improvement
- Define and evolve data protection standards aligned to:
- Data Management Policy (classification, handling, retention)
- Regulatory requirements (HIPAA, GDPR, etc.)
- Evaluate emerging capabilities and tools:
- DSPM platforms
- DLP/CASB solutions
- Data platform‑native controls
- Continuously improve architecture based on:
- New data risks
- Platform evolution (Snowflake, AWS, etc.)
- Feedback from operations and engineering
- Define and evolve data protection standards aligned to:
- 7–10+ years experience in:
Data security, cloud security, or security architecture - Location:
We are looking for someone driving distance to our HQ in Westbrook, Maine for a flexible hybrid requirement of 8 days per month. Alternatively, we are open to those in NH or MA that can travel in less frequently. - Strong experience designing security for:
- Cloud‑native data platforms (Snowflake, Databricks)
- SaaS and collaboration environments (M365, Box)
- Enterprise identity systems (Entra )
- Proven ability (via outcomes) to design and scale:
- Data classification and tagging models
- Data protection controls (DLP, masking, encryption)
- Access control models (RBAC, ABAC)
- Experience working across:
- Data engineering
- Application engineering
- Cloud platform teams
- Deep understanding of:
- Data protection architecture and lifecycle management
- Data platforms (Snowflake strongly preferred)
- Cloud environments (AWS preferred; Azure/GCP familiarity)
- Working familiarity with:
- DSPM tools (e.g., Cyera, BigID, etc.)
- CASB/DLP platforms (M365, endpoint, etc.)
- Data catalog and governance tools (e.g., Alation)
- Knowledge of:
- Encryption, tokenization, and data masking techniques
- Data access governance models and patterns
- Understanding of regulatory frameworks relevant to…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×