
The Identity and Entitlement Architecture Lead will own the design and implementation of Point72’s enterprise entitlement framework. This role is central to securing human and AI-driven access across internal platforms, cloud services, and agentic AI ecosystems. The successful candidate will bring deep expertise in entitlement models, federated identity protocols, and Zero Trust security — with a proven ability to deliver in highly regulated financial environments.
Key Responsibilities
- Enterprise Entitlement Architecture – Lead the design of a unified entitlement framework supporting RBAC, ABAC, and PBAC for both human users and AI systems.
- AI & Agent Identity Security – Define identity governance and secure propagation across multi-agent AI, autonomous agents, and microservice control planes.
- Federated Identity & Policy Engines – Manage and evolve protocols (OAuth2, OIDC, SAML) and policy frameworks (OPA, Cedar, XACML).
- Integration & Enablement – Build reusable entitlement APIs/middleware; integrate Okta, Microsoft Entra ID (Azure AD), and Active Directory.
- Observability & Risk Detection – Establish entitlement observability and anomaly detection across human and AI actors.
- Collaboration & Governance – Partner with Cloud, Infrastructure Security, Application Security, and Compliance to embed identity-first security into all systems.
- Innovation & Evaluation – Assess and integrate third-party entitlement technologies, balancing build vs. buy strategies.
Required Qualifications
- 10+ years in Identity & Access Management (IAM), including 5+ years in entitlement architecture.
- Proven success architecting policy-driven entitlement frameworks in regulated industries (finance strongly preferred).
- Expertise with entitlement models (RBAC, ABAC, PBAC) and policy engines (OPA, Cedar, XACML).
- Strong hands-on experience with federated identity protocols (OAuth2, OIDC, SCIM, SAML).
- Familiarity with AI and multi-agent control plane architectures and their identity implications.
- Experience with Okta, Microsoft Entra ID (Azure AD), and Active Directory.
- Track record of aligning entitlement strategy with Zero Trust and identity-first security principles.
- Strong communication skills for influencing both technical and non-technical stakeholders.
- Bachelor’s degree in Computer Science, Information Security, or related discipline.
Benefits
- Fully paid healthcare benefits
- Generous parental and family leave
- Volunteer opportunities and affinity groups (Women, People of Color, LGBTQ+)
- Mental and physical wellness programs
- Tuition assistance
- 401(k) savings plan with employer match