Identity and Entitlement Architecture Lead

Hedge Fund#72

The Identity and Entitlement Architecture Lead will own the design and implementation of Point72’s enterprise entitlement framework. This role is central to securing human and AI-driven access across internal platforms, cloud services, and agentic AI ecosystems. The successful candidate will bring deep expertise in entitlement models, federated identity protocols, and Zero Trust security, with a proven ability to deliver in highly regulated financial environments.


Key Responsibilities

  • Enterprise Entitlement Architecture – Lead the design of a unified entitlement framework supporting RBAC, ABAC, and PBAC for both human users and AI systems.
  • AI & Agent Identity Security – Define identity governance and secure propagation across multi-agent AI, autonomous agents, and microservice control planes.
  • Federated Identity & Policy Engines – Manage and evolve protocols (OAuth2, OIDC, SAML) and policy frameworks (OPA, Cedar, XACML).
  • Integration & Enablement – Build reusable entitlement APIs/middleware; integrate Okta, Microsoft Entra ID (Azure AD), and Active Directory.
  • Observability & Risk Detection – Establish entitlement observability and anomaly detection across human and AI actors.
  • Collaboration & Governance – Partner with Cloud, Infrastructure Security, Application Security, and Compliance to embed identity-first security into all systems.
  • Innovation & Evaluation – Assess and integrate third-party entitlement technologies, balancing build vs. buy strategies.

Required Qualifications

  • 10+ years in Identity & Access Management (IAM), including 5+ years in entitlement architecture.
  • Proven success architecting policy-driven entitlement frameworks in regulated industries (finance strongly preferred).
  • Expertise with entitlement models (RBAC, ABAC, PBAC) and policy engines (OPA, Cedar, XACML).
  • Strong hands-on experience with federated identity protocols (OAuth2, OIDC, SAML) and identity provisioning via SCIM.
  • Familiarity with AI and multi-agent control plane architectures and their identity implications.
  • Experience with Okta, Microsoft Entra ID (Azure AD), and Active Directory.
  • Track record of aligning entitlement strategy with Zero Trust and identity-first security principles.
  • Strong communication skills for influencing both technical and non-technical stakeholders.
  • Bachelor’s degree in Computer Science, Information Security, or related discipline.

Benefits

  • Fully-paid healthcare benefits
  • Generous parental and family leave
  • Volunteer opportunities and affinity groups (Women, People of Color, LGBTQ+)
  • Mental and physical wellness programs
  • Tuition assistance
  • 401(k) savings plan with employer match

To apply for this job email your details to Graham.Gates@TechExecOnline.com
