Security, governance, and data foundations
iTCart
2 - 5 years
Bengaluru
Posted: 10/01/2026
Job Description
Role Overview
We are seeking a Principal Security & Data Architect to design, govern, and continuously evolve the security, identity, data, and AI trust foundations of our SaaS platform. This role will ensure that security, privacy, and compliance are embedded by design, not retrofitted.
You will act as the final technical authority on:
Platform security architecture
Identity & access models
Data governance & privacy
AI safety & compliance
Enterprise and regulatory readiness
This role partners closely with the Chief / Product Platform Architect, Engineering Leaders, and Compliance teams to build a secure, scalable, and audit-ready ecosystem.
Key Responsibilities
1. Security & Identity Architecture
Define end-to-end security architecture for multi-tenant SaaS platforms.
Design and govern identity and access management (IAM) including:
RBAC, ABAC, policy-based authorization
Tenant-level isolation strategies
Zero-Trust access models
Own authentication strategies:
OAuth2, OIDC, SAML, MFA
Passwordless, OTP, federated identity (AAD, Okta, etc.)
Define secure API standards (JWT, mTLS, token lifecycles).
2. Data Architecture & Governance
Architect secure, scalable data platforms supporting:
Transactional data
Analytical data
AI/ML pipelines
Define data classification, retention, encryption, and access policies.
Ensure data isolation per tenant at logical and physical levels.
Govern schema evolution, data lineage, and data quality.
Lead privacy-by-design implementations.
3. AI Security & Trust Foundations
Define AI governance frameworks including:
Model access controls
Prompt security
Training data compliance
Ensure ethical AI, explainability, and bias mitigation.
Design secure architectures for:
Vector databases
Feature stores
Model inference pipelines
Implement privacy-preserving AI techniques (masking, anonymization, tokenization).
4. Compliance, Risk & Governance
Lead platform readiness for:
SOC 2
ISO 27001
GDPR, DPDP, HIPAA (where applicable)
Define audit logging, traceability, and forensics standards.
Own risk assessments, threat modeling, and security reviews.
Partner with Legal & Compliance for policy enforcement.
Establish governance for third-party integrations and vendors.
5. Platform Resilience & Security Engineering
Define security patterns for:
Microservices
Event-driven architectures
Cloud-native deployments
Lead secure SDLC practices:
SAST, DAST, dependency scanning
Secrets management
CI/CD security controls
Define incident response, DR, and BCP strategies.
Ensure platform resilience, availability, and observability.
6. Leadership & Influence
Act as principal technical advisor on security and data.
Mentor architects, senior engineers, and security champions.
Review and approve high-risk architectural decisions.
Drive security culture across engineering teams.
Collaborate with Product, Platform, and Infrastructure leaders.
Required Experience & Skills
Experience
12-18+ years in software architecture, security, and data platforms.
Proven experience designing enterprise SaaS platforms.
Hands-on experience with identity systems, access control, and policy engines.
Experience supporting compliance audits and enterprise customers.
Prior experience in AI-enabled or data-intensive platforms.
Technical Expertise
Security: IAM, OAuth2, OIDC, JWT, mTLS, Zero Trust
Data: PostgreSQL, NoSQL, Data Lakes, Warehouses
AI/Data: Vector DBs, ML pipelines, feature stores
Cloud: AWS / Azure / GCP security services
DevSecOps: CI/CD security, secrets management
Architecture: Microservices, event-driven, API-first systems
Soft Skills & Mindset
Strong architectural judgment and risk-based thinking
Ability to say no when security or data integrity is compromised
Excellent communication with technical and non-technical stakeholders
Systems thinker with long-term platform vision
Pragmatic: balances security with product velocity
What Success Looks Like
Security incidents are rare, contained, and well-handled
Platform passes audits with minimal remediation
Developers build securely by default
Customers trust the platform with sensitive enterprise data
AI systems are explainable, compliant, and safe
Nice to Have
Experience in BFSI, HealthTech, or regulated industries
Contributions to security standards or open-source
Prior role as Chief Security Architect or Principal Architect
