CO - P4677 - Senior Architecture and Cloud Infrastructure Lead

The Senior Architecture and Cloud Infrastructure Lead serves as the technical authority within the Enterprise Architecture and Infrastructure tower, providing expert guidance on cloud architecture, infrastructure design, data governance, and cloud migration strategy. This role specializes in transforming DEQ's cloud infrastructure maturity, leads cloud-to-cloud migration planning and documentation in partnership with multiple service integrators and VITA service towers, and serves as the agency's primary internal resource for SharePoint data governance and DLP policy implementation. Operating as a peer lead to the Enterprise Architecture and Infrastructure Administrator, the position provides technical oversight, configuration review, and professional mentorship, elevating the team's technical standards and accelerating delivery on modernization initiatives. By aligning cloud and data governance decisions with enterprise architecture goals, VITA requirements, and Commonwealth security, 1. Cloud Architecture Leadership

• Serve as the senior technical authority for cloud architecture decisions across SaaS, PaaS, and IaaS environments, providing design guidance to the EA&I Manager, EAIA, and internal teams.

• Lead the evaluation, design, and documentation of cloud infrastructure solutions; develop reference architectures, design standards, and cloud security baselines aligned with CIS Benchmarks and Commonwealth requirements.

• Monitor and optimize cloud environments for performance, availability, cost, and security posture; proactively identify and remediate deficiencies.

• Provide technical leadership for cloud disaster recovery architecture design, validation, and documentation in alignment with system RTO/RPO requirements.

• Collaborate with business units to evaluate, onboard, and architect cloud-hosted applications that enhance agency operations and align with enterprise standards.

• Participate in Security and Technical Architecture Reviews to ensure cloud solutions align with enterprise architecture roadmaps and security goals.

• Implement and enforce secure cloud configuration baselines across agency cloud environments, including Azure, AWS, and Oracle Cloud Infrastructure (OCI).

2. Cloud-to-Cloud Migration Planning & Oversight

• Serve as the agency's primary technical lead for cloud-to-cloud migration planning, owning architecture documentation from current-state assessment through target-state design and phased migration roadmap.

• Develop and maintain comprehensive migration documentation including architecture diagrams, integration maps, data flow documentation, migration runbooks, and risk assessments.

• Coordinate with VITA, Oracle, and contracted implementation partners on migration execution; serve as the agency's technical point of contact to ensure alignment with agency requirements and operational continuity.

• Ensure migration architecture decisions comply with VITA EA-225 requirements, SEC530 security standards, and Commonwealth IT governance frameworks.

• Produce regular migration progress reports, risk logs, and milestone updates for the EA&I Manager and Director of OIS.

• Support post-migration validation, cutover planning, and stabilization activities in coordination with application owners and VITA.

3. Data Governance & SharePoint Compliance

• Serve as the agency's primary internal resource for SharePoint data governance initiatives, fulfilling responsibilities in collaboration with DEQ Data Governance Officer.

• Review applicable compliance requirements (FOIA, GDCDPA, and Commonwealth data standards) and translate them into actionable, documented Purview governance policies and retention frameworks.

• Collaborate with SharePoint administrators and business data owners across DEQ to design and implement information architecture, site taxonomy, retention timelines, and content governance frameworks aligned with legal and regulatory requirements.

• Develop and implement Microsoft 365 Data Loss Prevention (DLP) policies using the M365 Compliance Center, scoped to protect sensitive agency data across SharePoint, OneDrive, Teams, and Exchange.

• Maintain a data governance registry documenting retention schedule status, DLP policy configuration, and business data owner assignments for each governed data domain.

• Coordinate with the ISO and legal counsel on data handling questions, retention disputes, and compliance audit support.

• Provide guidance and training to business data owners on SharePoint governance responsibilities, retention obligations, and DLP compliance expectations.

4. Server & Infrastructure Technical Oversight

• Provide peer technical oversight and configuration review of infrastructure work performed by the EAIA, including server hardening, patching, and CIS Benchmark implementations across Windows and Linux environments.

• Serve as the technical escalation resource for complex infrastructure issues, network architecture questions, and security incidents requiring senior-level analysis.

• Provide architectural guidance on SDWAN, routing, switching, and firewall configuration to ensure secure and resilient network operations.

• Review and validate SSO and identity federation architecture decisions (OKTA) to ensure secure, scalable, and frictionless access for agency staff.

• Review vulnerability remediation plans and verify timely closure of high and critical findings in coordination with the ISO and VITA.

• Support infrastructure disaster recovery architecture review for cloud and VM environments, ensuring configurations meet defined Continuity Of Operations Plan and RTO/RPO requirements.

5. Architecture Governance Support

• Contribute technical expertise to Technical Architecture Plan (TAP) development and maintenance, providing current-state inventory inputs and gap analysis for the cloud and infrastructure domains.

• Author and maintain Architecture Decision Records (ADRs) for cloud architecture decisions, migration choices, and infrastructure design patterns within the EA&I domain.

• Participate in Change Review Board (CRB) as a technical reviewer for enterprise-tier and high-complexity changes involving cloud infrastructure, migrations, and platform integrations.

• Support EA-225 technology roadmap compliance tracking by providing technical assessments of cloud technologies mapped to COV classifications (Approved, Emerging, Divest, Prohibited).

• Participate in Security and Technical Architecture Review processes, providing senior cloud architecture perspective on submitted initiatives.

6. VITA & Partnership Engagement

• Serve as a senior technical liaison to VITA on cloud infrastructure, Oracle migration, and data governance matters.

• Provide technical input and oversight on VITA-initiated infrastructure changes, lifecycle management activities, and migration workstreams affecting DEQ environments.

• Coordinate agency demands and solution requests requiring senior cloud or data governance expertise, ensuring alignment with enterprise architecture and VITA compliance requirements.

• Maintain working relationships with Oracle, Microsoft, and other cloud platform vendors to stay current on capabilities, licensing, and roadmap changes relevant to DEQ.

7. Technology Strategy, Peer Leadership & Innovation

• Provide peer technical leadership to the Enterprise Architecture and Infrastructure Administrator, including configuration reviews, architecture guidance, and professional development support.

• Identify emerging cloud technologies and governance tools; provide business case summaries to the EA&I Manager with recommendations grounded in mission impact, security posture, VITA compliance, and cost-effectiveness.

• Contribute to the agency's technology roadmap by proposing cloud-forward, security-aligned infrastructure improvements aligned with DEQ's strategic goals and VITA IT Strategic Plans.

• Support implementation of approved modernization initiatives, ensuring technical execution aligns with enterprise architecture standards and Commonwealth security requirements.

• Participate in Security and Technical Architecture Review processes as a senior technical contributor.

Do you have experience in Windows?, standards, this position ensures DEQ's infrastructure remains secure, compliant, and mission-ready. Please note this position follows a hybrid work schedule to include both in-office and telework. Candidates must be able to work from the assigned work location in Virginia., * Minimum 7 years of progressive, hands-on experience in cloud architecture, infrastructure design, and enterprise systems administration.

• Demonstrated expertise in Oracle Cloud Infrastructure (OCI), Microsoft Azure, or AWS; multi-cloud experience strongly preferred.

• Proven experience leading cloud-to-cloud or on-premises-to-cloud migration planning, architecture, and documentation; experience with Oracle workloads or Oracle Fusion/ERP migrations is a plus.

• Working knowledge of data governance frameworks, information lifecycle management, SharePoint information architecture, and Microsoft 365 Compliance Center (DLP, retention policies, sensitivity labels).

• Strong proficiency in administering and securing Windows and Linux server environments, including patching, hardening, and performance tuning against CIS Benchmarks.

• Working knowledge of network infrastructure including SDWAN, routing, switching, and firewalls.

• Experience with identity and access management, including SSO and federation using OKTA or similar enterprise IAM platforms.

• Familiarity with VITA frameworks, EA-225 technology roadmap standards, SEC530 security controls, and Commonwealth IT governance requirements.

• Strong technical documentation skills including architecture diagrams, migration runbooks, ADRs, and data governance registries.

• Excellent communication skills with the ability to translate complex technical concepts for non-technical stakeholders, including agency leadership and business data owners.

• Demonstrated ability to provide peer technical leadership, review configurations, and support professional development of fellow technical staff.

• Familiarity with ITIL, change management practices, and architecture governance processes.

Addtional Qualifications:

• Certifications such as:

• Oracle Cloud Infrastructure Architect Associate or Professional

2. Microsoft Azure Solutions Architect Expert

3. AWS Certified Solutions Architect - Associate or Professional

4. Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400)

• Experience working in a Commonwealth of Virginia (COV) or similar government IT environment.

• Familiarity with FOIA, GDCDPA, and Commonwealth data retention requirements as they apply to state agency IT systems.

• Familiarity with DevOps practices, infrastructure as code (IaC), and automation tools.

• Experience working alongside or managing contracted technical resources and coordinating with state oversight bodies.

The Virginia Department of Environmental Quality (DEQ) is the primary environmental permitting agency in the Commonwealth of Virginia. It is responsible for administering laws and regulations related to air quality, water quality, water supply, renewable energy, and land protection. Through the dedication and work of over 800 employees across six regional offices and the Central Office in Richmond, DEQ issues permits, conducts monitoring and inspections, and enforces the law.