Sr Technical Data Security Architect - Remote (Anywhere in the U.S.)
GuidePoint Security LLC
Job Description
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Position Summary

We are seeking an experienced and strategic Senior Technical Data Security Architect to join our growing data platform team. In this highly visible role, you will be responsible for designing, implementing, and governing enterprise-grade data security frameworks across the Microsoft data ecosystem and Databricks lakehouse platform. You will serve as the authoritative technical expert on data protection, privacy, access governance, and compliance, partnering closely with engineering, architecture, and business stakeholders to embed security by design at every layer of the data stack.

Key Responsibilities

Data Security Architecture & Strategy

- Design and maintain end-to-end data security architecture across Microsoft Azure, Microsoft Fabric, Azure Synapse Analytics, Azure Data Lake Storage (ADLS Gen2), and Databricks Lakehouse Platform.
- Define and enforce enterprise data classification, labeling, and handling standards aligned with Microsoft Purview Information Protection.
- Develop reference architectures and security blueprints for data ingestion, transformation, storage, and consumption layers.
- Lead threat modeling sessions for data pipelines and analytics workloads, identifying and mitigating risks proactively.
- Establish a Zero Trust data security model across all data platforms and integration points.

Microsoft Data Technologies - Security Focus

- Architect and govern data security controls within Microsoft Fabric, including workspace-level and item-level permissions, sensitivity labels, and OneLake security.
- Design role-based access control (RBAC) and attribute-based access control (ABAC) strategies across Azure Data Factory, Azure Synapse, Azure Databricks, and Azure SQL.
- Implement and operationalize Microsoft Purview for data catalog governance, data lineage, and automated sensitivity classification across hybrid and multi-cloud data estates.
- Configure and manage Azure Private Endpoints, VNet integration, and network security groups for data services to eliminate public exposure.
- Oversee encryption strategies including Azure Key Vault integration, customer-managed keys (CMK), and data-at-rest / data-in-transit encryption standards.
- Partner with identity teams to enforce Entra ID Conditional Access policies, Privileged Identity Management (PIM), and managed identities for data service authentication.
- Lead the implementation and tuning of Microsoft Defender for Cloud data security posture management (DSPM) capabilities.

Databricks Security Architecture

- Architect and implement Unity Catalog as the enterprise-wide data governance layer across Databricks workspaces, including metastore design, catalog/schema/table-level permissions, and row/column-level security.
- Design Databricks workspace security including network isolation (no-public-IP, vNet injection, private link), cluster policies, and IP access lists.
- Define and enforce Databricks credential passthrough, service principal governance, and OAuth integration with Azure Entra ID.
- Implement dynamic data masking and column-level security policies within Unity Catalog to protect PII, PHI, and sensitive financial data.
- Establish Delta Lake security patterns including table ACLs, fine-grained access control, and audit logging strategies via Databricks system tables.
- Oversee the security of Databricks workflows, notebooks, and job clusters, including secrets management integration with Azure Key Vault-backed secret scopes.
- Conduct security reviews of MLflow models and Feature Store configurations to address data leakage risks in ML pipelines.

Compliance, Audit & Risk Management

- Ensure data platform compliance with relevant regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2 Type II, and PCI-DSS where applicable.
- Design and maintain audit trail and data access logging architectures across Microsoft and Databricks platforms.
- Conduct regular security risk assessments, gap analyses, and maturity evaluations of the data security program.
- Develop and maintain security runbooks, policies, and standards documentation for data platform operations.
- Coordinate with legal, compliance, and privacy teams to respond to data subject access requests (DSARs) and regulatory inquiries.

Cross-Functional Collaboration & Leadership

- Serve as the primary security advisor to data engineering, analytics engineering, and BI teams throughout the development lifecycle.
- Lead security architecture review boards for new data initiatives, third-party data integrations, and major platform changes.
- Develop and lead a structured mentoring program for junior and mid-
