The
Data Security Architect role presents a foundational opportunity to establish and lead IQVIA's Data Security Architecture practice. As a data-driven global life sciences company, IQVIA manages one of the world's most complex and sensitive healthcare data estates - spanning clinical research, real-world evidence, commercial analytics, and patient-level health information across dozens of markets worldwide.
IQVIA's data environment reflects the scale and complexity of a global enterprise with a significant M&A history: a hybrid estate encompassing on-premises data centers, multi-cloud infrastructure, modern analytical platforms, and a broad portfolio of operational and data movement technologies. Sensitive data - including PHI, PII, pharmaceutical client intellectual property, and clinical trial data - is distributed across this estate and must be protected consistently, at scale, and in alignment with a growing set of global regulatory requirements.
The Data Security Architect will define how IQVIA discovers, classifies, governs, and protects its data assets across the enterprise - building the architecture, standards, and program foundations that underpin regulatory compliance, vendor governance, and AI security as IQVIA advances its data platform strategy.
This role sits within the global Information Security organization and operates in close partnership with the Data Office, Cloud Security, Application Security, IAM, Legal, Privacy, and Compliance. It carries direct engagement with senior data platform and business stakeholders across IQVIA's global business units.
Principal Responsibilities- Define and own IQVIA's Data Security Architecture strategy, establishing a formal program from the ground up that is aligned to IQVIA's hybrid, multi-cloud, and post-M&A data environment and the Data Office's strategic platform direction.
- Lead the evaluation, selection, and implementation of a Data Security Posture Management (DSPM) platform, encompassing sensitive data discovery, classification, exposure analysis, access risk assessment, and continuous posture monitoring across on-premises and cloud-hosted data environments.
- Develop and maintain a comprehensive data security architecture covering data classification frameworks, data access governance, encryption standards, tokenization, masking, and data loss prevention controls across structured and unstructured data at scale.
- Partner closely with the Data Office to align data security architecture with enterprise data governance and platform strategy, ensuring security controls are embedded in data lifecycle management across analytical, operational, and AI workloads.
- Define security architecture standards and guardrails for IQVIA's strategic data platforms, including cloud-native analytical environments (Snowflake, Databricks), data movement and transformation tooling, and operational database platforms, ensuring consistent security posture across a diverse and evolving estate.
- Provide data security architecture input and oversight for platform migrations, legacy system decommissions, and M&A integration programs - assessing inherited data estates for sensitive data exposure, access control gaps, and regulatory risk, and defining remediation roadmaps aligned to integration timelines.
- Define IQVIA's data security approach for AI and LLM-integrated platforms, establishing policy and technical controls governing the safe use of AI capabilities embedded in or connected to data platforms, including controls around data inputs, model outputs, and prevention of regulated data exposure in AI workflows.
- Architect data security controls for advanced analytics and AI/ML pipelines, including protection of training datasets, model pipeline integrity, RAG data source governance, and controls preventing unauthorized use of sensitive data in AI-connected systems.
- Develop and govern IQVIA's enterprise data classification taxonomy and policy framework, working with Legal, Privacy, Compliance, and business data owners to define classification tiers, handling requirements, and technical enforcement mechanisms across business units and regions.
- Establish data access governance principles across IQVIA's data platforms, including least-privilege access models, periodic entitlement reviews, and integration with IAM and PAM controls at the data tier.
- Define encryption and key management architecture for data at rest and in transit across on-premises databases, cloud storage, data warehouses, and analytical environments, with particular attention to PHI and cross-border data transfer requirements.
- Provide security architecture input to data platform vendor evaluations and contract negotiations, ensuring security requirements, data-use restrictions, telemetry controls, and audit rights are appropriately represented.
- Support regulatory compliance requirements across GDPR, HIPAA, CCPA, GxP, and applicable regional data protection regimes, translating regulatory obligations into architectural controls and providing assurance evidence for audits and assessments.
- Define metrics, KPIs, and reporting frameworks for data security posture, providing actionable visibility to CISO leadership and Data Office stakeholders on data risk, program coverage, and maturity progression.
Required Experience and Qualifications- 6-10 years of progressive experience in Information Security, Data Security, Security Architecture, or related technical roles, with demonstrated ownership of data-centric security programs or initiatives.
- Deep knowledge of data security architecture principles, including data classification, access governance, encryption, tokenization, masking, and data loss prevention across hybrid environments spanning on-premises data centers and multi-cloud platforms.
- Hands-on experience with enterprise-scale cloud data platforms (such as Snowflake, Databricks, or equivalent), with the ability to design and assess security controls including governance, access policy, and data sharing frameworks.
- Experience with cloud environments (Microsoft Azure and/or Amazon AWS), including securing data services across IaaS, PaaS, and cloud-native analytical platforms.
- Experience evaluating or deploying DSPM, data governance, or data classification platforms such as Varonis, Securiti, Cyera, Microsoft Purview, BigID, or equivalent.
- Working knowledge of IAM and access governance principles as applied to data platforms, including RBAC, ABAC, and entitlement management across analytical and operational environments.
- Experience conducting security architecture reviews in complex, heterogeneous data environments, including post-M&A assessments, legacy platform migrations, or on-premises data center programs.
- Strong understanding of regulatory frameworks governing sensitive data, including HIPAA/HITECH, GDPR, CCPA, and GxP, with the ability to translate regulatory requirements into architectural controls across a diverse platform estate.
- Foundational to intermediate knowledge of AI and ML security considerations, including LLM application risks, model pipeline security, and the data protection implications of AI features embedded in or connected to enterprise data platforms.
- Demonstrated ability to operate at the intersection of security and data platform teams, communicating architecture decisions to data engineers, platform architects, business data owners, and senior stakeholders.
- Experience within regulated industries - life sciences, healthcare, or financial services - with direct exposure to clinical, patient-level, or pharmaceutical data security requirements is preferred.
- Bachelor's degree in Computer Science, Information Security, Data Management, or equivalent practical experience is preferred.
- Relevant certifications such as CISSP, CISM, CDPSE, CCSP, AWS/Azure Security Specialty, or CIPP/E are preferred but not mandatory.
- Working knowledge of data governance and security frameworks such as NIST Privacy Framework, DAMA-DMBOK, ISO 27001, or similar is an advantage.
- Strong written and verbal communication skills, including experience producing architecture documentation, security standards, and executive-level reporting for senior leadership and governance forums.
The potential base pay range for this role, when annualized, is $112,200.00 - $312,700.00. The actual base pay offered may vary based on a number of factors including job-related qualifications such as knowledge, skills, education, and experience; location; and/or schedule (full or part-time). Dependent on the position offered, incentive plans, bonuses, and/or other forms of compensation may be offered, in addition to a range of health and welfare and/or other benefits.
