Purview Data Security Architect (RARR Job 6253)

The Data Security Architect is responsible for the design and delivery of the organization's Microsoft Purview-based data security program. The role is responsible for translating data governance policy into scalable technical controls across information protection, data loss prevention, and information risk management, working closely with governance, compliance, and operational teams to ensure the program is fit for purpose and sustainable.

• Design and own the end-to-end Microsoft Purview architecture covering Sensitive Information Types (SITs), sensitivity labels, data classification, DLP policies, and data lifecycle controls.
• Establish technical standards and governance frameworks that guide engineers and operational teams in consistent policy-aligned implementation.
• Work with the Data Governance function to translate data protection policies and regulatory requirements into implementable Purview configurations.
• Provide technical guidance on the DLP enforcement strategy, including policy scope, workload coverage, and the approach to targeted data scanning.
• Define integration patterns across the Microsoft 365 estate and advise on how platform capabilities, including Adaptive Protection and Insider Risk Management, can be used to strengthen the organization's data security posture.
• Engage with stakeholders to communicate program direction, architectural decisions, and tradeoffs in a clear and accessible way.
• Stay current on the Microsoft Purview roadmap and identify platform developments that can advance program objectives or address gaps.

• Hands-on experience with Microsoft Purview sensitivity labels, SITs, auto-classification, and DLP policy design. Ability to communicate technical design clearly to non-technical stakeholders and senior leadership.
• Understanding of Microsoft 365 data security capabilities across Exchange, SharePoint, OneDrive, Teams, and Endpoint. Working knowledge of relevant data protection frameworks (e.g., GDPR, industry-specific regulations).
• Experience designing data classification frameworks and translating governance policy into technical controls. Experience leading technical solutions in enterprise security or governance programs.
• Familiarity with Insider Risk Management and how it integrates with DLP and broader M365 signals. Microsoft certifications desirable: SC401, SC100, or equivalent.