Hi Todd,
Azure Functions can do that. Whether Functions is the right compute option for, depends on your requirements. https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/compute-decision-tree
C# can encrypt/decrypt and so can Python. What language is right for you, depends on your requirements. For instance, what language is your team most productive in? Also, since you mention that you are using C# today, maybe the fastest migration is to reuse that code.
When you have working logic, your biggest change will be to work with Functions triggers and bindings. See an example here, available in multiple languages.
One remark on your introduction: Azure Storage provides encryption at rest (when the data is stored on disk) and in transit (when the data is passed from one service to another). More info https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview See the section for client-side encryption which may be relevant for you.
Hope that helps,
Pieter