
Role Summary
The Cloud Technology Architect - Data & Cloud Security is responsible for defining and governing the enterprise cloud and data security architecture across Microsoft Azure and Microsoft 365 platforms. This role owns the security-by-design strategy for cloud workloads, data protection, identity-driven access, and compliance, ensuring that sensitive data is classified, protected, monitored, and governed throughout its lifecycle.
The architect serves as the authoritative design authority for Microsoft Purview, DLP, Zero Trust security, cloud governance, and security monitoring integration, while providing leadership during high-impact security incidents and audits. The role requires a strong blend of architecture leadership, hands-on security engineering expertise, and cross-functional influence.
Key Responsibilities
1) Cloud & Data Security Architecture
- Define and maintain the enterprise cloud and data security reference architecture for Azure and Microsoft 365.
- Design Zero Trust-aligned architectures, including identity-centric access, least-privilege models, Conditional Access, and identity protection.
- Establish architectural standards for secure cloud adoption, data classification, protection, and access governance.
- Review and approve security designs for new cloud workloads, SaaS solutions, and data platforms.
2) Microsoft Purview Architecture & Governance
- Architect and govern Microsoft Purview across the organization, including:
  - Data Map and automated scanning
  - Information Protection and Sensitivity Labeling
  - Data Loss Prevention (DLP)
  - Records Management and Retention
  - eDiscovery and legal hold workflows
- Define data classification, labeling, and lifecycle standards aligned with regulatory and business requirements.
- Ensure Purview controls are consistently applied across Microsoft 365, Azure data services, endpoints, and third-party integrations.
3) Data Loss Prevention & Insider Risk Architecture
- Design and continuously optimize DLP architecture across Endpoint, SharePoint Online, OneDrive, Exchange Online, and Teams.
- Balance risk reduction and user productivity by minimizing false positives through tuning and contextual controls.
- Define architectural patterns for insider risk management, anomaly detection, and misuse prevention.
4) Azure Cloud Security Architecture
- Architect and govern Azure-native security controls, including:
  - Defender for Cloud (Secure Score, workload protection)
  - Identity and access security
  - Network segmentation and isolation patterns
  - Encryption standards (BYOK/CMK, Key Vault)
- Define security baselines and guardrails for IaaS, PaaS, and SaaS workloads.
- Ensure secure landing zones and policy-driven cloud governance.
5) Security Monitoring, Detection & Response Integration
- Architect integration of data and cloud security signals with Microsoft Sentinel.
- Define analytic use cases, KQL-based detection logic, and SOAR automation patterns for data risk and cloud security events.
- Partner with SOC teams to ensure effective triage, escalation, and response for security incidents involving data or cloud platforms.
6) Governance, Risk & Compliance
- Lead architecture alignment for data residency, privacy mandates, retention, and regulatory compliance.
- Ensure continuous audit readiness through design controls, evidence generation, and documentation.
- Conduct architectural risk assessments and define mitigation strategies for data exposure and cloud misconfigurations.
7) Incident Leadership & Advisory
- Act as the architecture authority during high-severity security incidents involving data leakage, unauthorized access, or anomalous behavior.
- Guide root cause analysis and design corrective, preventive, and detective control improvements.
- Drive long-term architectural remediation rather than tactical fixes.
8) Cross-Functional Enablement & Influence
- Partner with Cloud, Infrastructure, Network, Legal, Compliance, HR, and Application teams to establish a unified data governance and security framework.
- Define role-based access models and secure data handling standards across the organization.
- Lead security architecture reviews, knowledge sharing, and executive-level design discussions.
9) Architecture Documentation & Standards
- Maintain architecture diagrams, standards, policies, threat models, and risk assessments.
- Define reusable patterns and blueprints for secure cloud and data platforms.
- Ensure architectural decisions are documented and traceable.
Technical Skills (Mandatory)
Cloud & Data Security Architecture
- Azure Security Architecture: Defender for Cloud, identity protection, network security, encryption standards, Key Vault
- Microsoft Purview: Data Map, classification, sensitivity labels, DLP, records management, eDiscovery
- Microsoft Defender XDR: Endpoint, Identity, Cloud Apps (MCAS), Microsoft 365
- Microsoft Sentinel: KQL analytics, threat hunting, SOAR automation patterns
Microsoft 365 Security & Compliance
- Conditional Access, Insider Risk Management, audit logging, secure collaboration controls
Automation & Engineering
- PowerShell, Microsoft Graph API
- Policy as code using JSON / YAML
- Automated governance and compliance workflows
Data Governance & Compliance
- Data lifecycle management, retention, privacy controls, regulatory alignment
Behavioral & Leadership Competencies
- Strong architectural judgment and decision-making in high-impact security scenarios
- Ability to influence senior stakeholders and drive adoption without direct authority
- Governance-driven mindset with a focus on risk reduction, resilience, and compliance
- Analytical approach to identifying systemic security gaps and architectural weaknesses
- Excellent communication skills to articulate complex security concepts clearly