Senior Data Security Architect (Data Platform Security)
McKesson · Columbus, OH · 1 wk ago
Information Technology$124k–$207k/yrFull-time
About the role
CoverMyMeds Technology is seeking a Senior Data Security Architect (Data Platform Security) to join our Data & Analytics organization. This is a highly specialized role responsible for defining, implementing, and governing enterprise-wide data security architecture across cloud and hybrid data platforms. You will serve as the security authority across the data lifecycle — ensuring that sensitive healthcare data is protected, compliant, and audit-ready while enabling scalable analytics and external data sharing. This role directly supports mission-critical healthcare operations where security, privacy, and trust are foundational.
Responsibilities
- Own and evolve enterprise data security architecture across Databricks, Azure Data Lake, and enterprise reporting platforms
- Design and enforce fine-grained data access controls (RBAC, ABAC, row/column-level security) using Unity Catalog and governed tagging frameworks
- Architect identity and access management (IAM) patterns integrating Okta, Microsoft Entra ID, SailPoint, and privileged access platforms
- Define and implement PHI/PII protection strategies, including tokenization, encryption, de-identification, and masking across environments
- Establish secure data sharing and multi-tenant access models for external customers, partners, and embedded analytics
- Lead architecture for data rights, entitlements, and consent-based access controls, ensuring compliance with contractual and regulatory requirements
- Build and operationalize security controls aligned to SOX ITGC, including logical access controls, change management, and audit evidence frameworks
- Design audit-ready security architectures supporting HIPAA, SOC 2 Type II, and FedRAMP compliance requirements
- Partner with engineering, SRE, and platform teams to embed security into CI/CD pipelines, platform onboarding, and development standards
- Define and govern data classification, tagging, and lineage-aware security policies across medallion architectures
- Evaluate and recommend enterprise security tooling and governance platforms
- Produce architecture artifacts (decision records, control matrices, audit evidence) consumable by internal and external auditors
Requirements
- Bachelor’s degree in Computer Science, Information Systems, or a related field, or equivalent experience, and typically requires 7+ years of relevant experience in data security, cybersecurity, or data architecture, with significant focus in cloud-based environments
- Proven experience implementing data security and governance controls in regulated environments (HIPAA, healthcare strongly preferred)
- Strong expertise in SOX IT General Controls (ITGC) domains, including logical access, change management, and audit controls
- Hands-on experience with Databricks Unity Catalog security models, including RBAC, ABAC, and data masking
- Deep knowledge of Azure cloud security architecture, including networking, identity, and secrets management
- Experience designing identity and access management solutions (Okta, Entra ID, SailPoint, privileged access tools)
- Demonstrated experience implementing encryption, tokenization, and de-identification strategies for sensitive data
- Experience designing secure data architectures for external/customer-facing analytics products
- Ability to translate regulatory requirements into implemented technical controls and audit artifacts
- Strong communication skills with ability to present architecture concepts to technical, business, and audit stakeholders
Qualifications
Preferred Skills / Experience:
- Experience supporting SOC 2 Type II and/or FedRAMP compliance programs
- Knowledge of healthcare data sharing frameworks and consent models
- Experience designing data entitlement models and purpose-based access controls at scale
- Familiarity with FHIR-based data platforms and interoperability security
- Experience with DSPM/CSPM tools for cloud data security
- Experience implementing non-production data masking and synthetic data solutions
- Exposure to CI/CD security architecture and service principal hardening
- Experience operating in large, matrixed enterprise governance environments