Description:
The Data Security Architect is a role in the Data and Integration Platform team and reports to the Head of Technology, Data & Integration Platforms. This is an enterprise-wide role responsible for designing the information management framework and corresponding data security management practices, tools and processes. This role will collaborate closely with data governance and information security team for development, communication and implementation of security controls focused on the access, storage, collection, and use of data.
You are an excellent communicator, who can sell through your vision and explain/demonstrate complex concepts, not only to technical resources, but also to business heads to influence the evolution of the company’s data architecture related to security and governance. You will provide expertise to the definition, implementation, and execution of the internal architecture framework. You will be the subject matter expert on relevant regulations and policies affecting the consumption and usage of data and be foundational in the data governance program. You will develop relevant business cases by identifying needs, analyzing potential options, and assessing expected return on investment. In this role, you will lead change management programs of varying scope and type, including readiness assessments, planning, stakeholder management, execution, evaluation, and sustainment of initiatives. As a SME, you will keep abreast of industry activities and relevant data technologies.
What you will be doing:
- In collaboration with the Data Governance, Information Security, Risk, Legal and Compliance, the Data Security Architect is responsible for data security standards for the organization as they relate to systems that store and process data. This includes defining, communicating and enforcing a set of rules, policies, and models that determine; what kind of data gets collected, and how it gets used, accessed, processed, and stored within a Equitable’s systems.
- Guides and facilitates policies for accountable people across the business who are the data owners for the organization to ensure the integrity and performance for solutions where that data is leveraged.
- Develops, administers, and governs the data security architecture principles on which the entire framework is based. They consider data as an asset defined on pre-set parameters and is accessible, shareable, manageable, and can be secured.
- Deploy data security architecture to primarily convert business needs into data and system requirements, align business processes with IT systems, and manage the complex flow of data and information within the organization.
- Work with the architecture peers (cloud, enterprise, solution, etc. architects) to create the evolving data assets aligning to overall enterprise and business unit strategy
- Provides the rules and guidance for data extraction to maintain data integrity and performance
- Ownership and communication of the evolving company architectural roadmap
- Collaboration with IT business units to create business cases, presenting the data architectural roadmap identifying quantifiable project value
- Collaborate with the SysOps and ITSec teams to create the ideal support model for the future architectural state
What you will bring:
- 10+ years of combined applied experience and an advanced university degree in related discipline(s) with concentration in computer science, engineering, information systems or information technology
- Experience building a strategy focused on data security from the ground up, with an understanding of how to implement modern capabilities on legacy and modern technologies.
- Must have at least one, preferably more of the following Security certification GIAC, CISSP, CISM, CISA, CEH.
- Demonstrated knowledge of architecture frameworks, methodologies, and tools. (e.g., possesses The Open Group Architecture Framework [TOGAF] accreditation).
- In-depth knowledge of related regulatory controls (OSFI)
- Demonstrated experience designing solutions for PKI, Data Encryption, DLP, PII and sensitive data.
- Knowledge of PIPEDA and GDPR