Data Security Principal Architect

Job description

Company Summary Statement

As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve.

Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation.

PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid.

We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve.

PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today.
Overview

**This is a hybrid position requiring on-site presence three days per week at one of our local offices, located in Allentown, PA (Lehigh Valley), Louisville, KY, or Providence, RI.** LI-Hybrid #INDPPL

PPL is seeking a highly skilled Data Security Principal Architect to join our Cybersecurity organization.

The Data Security Principal Architect will serve as a strategic leader and technical expert, responsible for defining and implementing robust data protection frameworks across our digital estate.

This hybrid role bridges traditional Microsoft Information Protection and compliance tools with modern AI-centric data security practices, including encryption for LLM pipelines, secure vector stores, and legacy data remediation.

This individual will collaborate closely with Security Engineering, Data Governance, Cloud Ops, and AI/ML teams to secure data throughout its lifecycle.

Responsibilities

**ESSENTIAL FUNCTIONS** :

+ Define and own the data protection strategy across structured, semi-structured, and unstructured data.

Align with regulatory, legal, and business mandates (e.g., NERC, SOX, CCPA, GDPR).
+ Architect and deploy Azure Purview for data classification, and insider risk management policies.
+ Lead secure implementation of AI Data Pipelines (RAG, Vector DBs), TDE for SQL workloads, and explore applicability of Fully Homomorphic Encryption (FHE) and Differential Privacy (DP) for AI/LLM pipelines.
+ Develop strategies for legacy data de-duplication, archiving, and migration.

Evaluate long-term retention risk and optimize lifecycle policies.
+ Implement and manage DLP rules across email, endpoints, cloud storage, and collaboration platforms (e.g., Microsoft 365, SharePoint).
+ Provide architectural guidance to product teams and AI/ML engineers.

Author security patterns, threat models, and playbooks.
+ Evaluate and integrate third-party tools for data discovery, monitoring, and tokenization.

Drive automation around classification and response.
+ Define DSPM Strategy and Architecture.
+ Define Data Incident Protocol and Playbook.
+ Performs other duties as assigned.
+ Complies with all policies and standards.

Qualifications

**REQUIRED EDUCATION** :

+ Bachelor's Degree in Computer Science, Information Security, and/or a related field or an equivalent level of experience on a year on year basis.

**REQUIRED EXPERIENCE** :

+ 10+ years in information security or date architecture roles.

**PREFERRED QUALIFICATIONS** :

+ Previous experience with utilities or highly regulated industries.
+ Working knowledge of structured data protection in data lakes or Azure Synapse.
+ Experience contributing to LLM security or responsible AI design patterns.
+ SANS/GIAC, CISSP, or Azure Security certification.
+ Experience with legacy data cleanup initiatives, e.g., tape archive migration.
+ Experience with DSPM platform.
+ Strong understanding of cryptographic primitives and modern data security standards (AES, SHA, TLS, etc.) as well as an understanding of proposed quantum ready cryptography standards.
+ Excellent communication skills and the ability to influence technical and executive stakeholders.
+ Demonstrated ability to assess risk trade-offs between security, usability, and operational efficiency.
+ Deep interest in AI safety, responsible data stewardship, and future-proofing sensitive workloads.

**REQUIRED EDUCATION** :

+ Bachelor's Degree in Computer Science, Information Security, and/or a related field or an equivalent level of experience on a year on year basis.

**REQUIRED EXPERIENCE** :

+ 10+ years in information security or date architecture roles.

**PREFERRED QUALIFICATIONS** :

+ Previous experience with utilities or highly regulated industries.
+ Working knowledge of structured data protection in data lakes or Azure Synapse.
+ Experience contributing to LLM security or responsible AI design patterns.
+ SANS/GIAC, CISSP, or Azure Security certification.
+ Experience with legacy data cleanup initiatives, e.g., tape archive migration.
+ Experience with DSPM platform.
+ Strong understanding of cryptographic primitives and modern data security standards (AES, SHA, TLS, etc.) as well as an understanding of proposed quantum ready cryptography standards.
+ Excellent communication skills and the ability to influence technical and executive stakeholders.
+ Demonstrated ability to assess risk trade-offs between security, usability, and operational efficiency.
+ Deep interest in AI safety, responsible data stewardship, and future-proofing sensitive workloads.

**ESSENTIAL FUNCTIONS** :

+ Define and own the data protection strategy across structured, semi-structured, and unstructured data.

Align with regulatory, legal, and business mandates (e.g., NERC, SOX, CCPA, GDPR).
+ Architect and deploy Azure Purview for data classification, and insider risk management policies.
+ Lead secure implementation of AI Data Pipelines (RAG, Vector DBs), TDE for SQL workloads, and explore applicability of Fully Homomorphic Encryption (FHE) and Differential Privacy (DP) for AI/LLM pipelines.
+ Develop strategies for legacy data de-duplication, archiving, and migration.

Evaluate long-term retention risk and optimize lifecycle policies.
+ Implement and manage DLP rules across email, endpoints, cloud storage, and collaboration platforms (e.g., Microsoft 365, SharePoint).
+ Provide architectural guidance to product teams and AI/ML engineers.

Author security patterns, threat models, and playbooks.
+ Evaluate and integrate third-party tools for data discovery, monitoring, and tokenization.

Drive automation around classification and response.
+ Define DSPM Strategy and Architecture.
+ Define Data Incident Protocol and Playbook.
+ Performs other duties as assigned.
+ Complies with all policies and standards.

Remote Work
The company reserves the right to determine if this position will be assigned to work on-site, remotely, or a combination of both.

Assigned work location may change.

In the case of remote work, physical presence in the office/on-site may be required to engage in face-to-face interaction and coordination of work among direct reports and co-workers.

Equal Employment Opportunity

Our company is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, national origin, protected veteran status, sexual orientation, gender identify, genetic information, disability status, or any other protected characteristic.

Required Skill Profession

Other General