Identity and Entitlement Architecture Lead

The Identity and Entitlement Architecture Lead will own the design and implementation of Point72’s enterprise entitlement framework. This role is central to securing human and AI-driven access across internal platforms, cloud services, and agentic AI ecosystems. The successful candidate will bring deep expertise in entitlement models, federated identity protocols, and Zero Trust security — with a proven ability to deliver in highly regulated financial environments.

Key Responsibilities

• Enterprise Entitlement Architecture – Lead the design of a unified entitlement framework supporting RBAC, ABAC, and PBAC for both human users and AI systems.
• AI & Agent Identity Security – Define identity governance and secure propagation across multi-agent AI, autonomous agents, and microservice control planes.
• Federated Identity & Policy Engines – Manage and evolve protocols (OAuth2, OIDC, SAML) and policy frameworks (OPA, Cedar, XACML).
• Integration & Enablement – Build reusable entitlement APIs/middleware; integrate Okta, Microsoft Entra ID (Azure AD), and Active Directory.
• Observability & Risk Detection – Establish entitlement observability and anomaly detection across human and AI actors.
• Collaboration & Governance – Partner with Cloud, Infrastructure Security, Application Security, and Compliance to embed identity-first security into all systems.
• Innovation & Evaluation – Assess and integrate third-party entitlement technologies, balancing build vs. buy strategies.

Required Qualifications

• 10+ years in Identity & Access Management (IAM), including 5+ years in entitlement architecture.
• Proven success architecting policy-driven entitlement frameworks in regulated industries (finance strongly preferred).
• Expertise with entitlement models (RBAC, ABAC, PBAC) and policy engines (OPA, Cedar, XACML).
• Strong hands-on experience with federated identity protocols (OAuth2, OIDC, SCIM, SAML).
• Familiarity with AI and multi-agent control plane architectures and their identity implications.
• Experience with Okta, Microsoft Entra ID (Azure AD), and Active Directory.
• Track record of aligning entitlement strategy with Zero Trust and identity-first security principles.
• Strong communication skills for influencing both technical and non-technical stakeholders.
• Bachelor’s degree in Computer Science, Information Security, or related discipline.

Benefits

• Fully-paid healthcare benefits
• Generous parental and family leave
• Volunteer opportunities and affinity groups (Women, People of Color, LGBTQ+)
• Mental and physical wellness programs
• Tuition assistance
• 401(k) savings plan with employer match