IAM Security Architect (contract) jobs in United States

BNY · 6 hours ago

IAM Security Architect (contract)

BNY Mellon is a leading global financial services company that influences nearly 20% of the world’s investible assets. They are seeking an IAM Security Architect to guide the secure design of internal applications and enterprise AI initiatives, focusing on defining identity and access management guardrails and security baselines across AI platforms.

Financial Services

Responsibilities

AI IAM Architecture & Guardrails: Develop clear guardrails and reference architectures for human, machine, workload, and agent identities across AI platforms and internal applications
Fine-Grained Authorization: Define standardized authorization patterns for model and data access, including dataset and model permissions, environment-scoped access, and safe execution of agent tools
Enterprise IAM Alignment: Support and extend the enterprise IAM vision and reference architectures, including identity providers, federation, workload identity, policy decision and enforcement points, and token lifecycle management for AI services
Security Baseline Definition: Establish minimum security baselines for AI platforms (feature stores, model registries, orchestration tools, and inference gateways), incorporating scoped credentials, conditional access, and role- or attribute-based access models
Workload, Machine & Agent Identity: Architect secure workload identity patterns, agent identities, and tool authorization models for AI orchestration and agentic workflows
Identity Lifecycle & Governance (IGA): Implement authoritative source models and automated provisioning/deprovisioning for AI roles (e.g., data scientist, ML engineer, platform admin) and non-human identities such as pipelines and agents
Entitlement Governance: Define access certification standards, segregation of duties (e.g., training vs. deployment vs. production overrides), and policy-as-code approaches for AI access governance
Privileged Access Management (PAM): Establish standards for privileged operations on AI infrastructure, including model registry administration, key rotation, dataset approvals, and runtime overrides using vaulting, session management, and just-in-time access
Secrets, Keys & Token Management: Architect secure secrets and key management practices for AI services, including KMS/HSM integration, token scoping, rotation policies, and secure handling of system prompts and configuration secrets
Zero Trust & Runtime Controls: Operationalize identity-aware access and continuous verification across AI development, training, and inference environments, including runtime guardrails, anomaly detection, and step-up authentication for high-risk actions
Observability & Incident Response: Define identity-centric telemetry standards for AI platforms, including access events, agent tool invocation, privilege elevation, and token issuance; lead tabletop exercises for AI compromise scenarios
Vendor & Platform Governance: Evaluate IAM capabilities of AI platforms and tools, define onboarding criteria, security baselines, SBOM expectations, and exit strategies

Qualification

IAM architecture, Security architecture, Identity platforms, AI platforms, Zero Trust principles, Access governance, PAM, Communication skills, Team collaboration

Required

8+ years of experience in IAM architecture and security architecture roles
Hands-on engineering experience with identity platforms such as SailPoint, Entra ID (Azure AD), Okta, or similar tools
Strong understanding of IAM patterns including federation, workload identity, access governance, PAM, and token-based authentication
Experience designing and implementing security architectures for enterprise applications
Experience supporting AI platforms, machine learning environments, or data-driven systems
Strong written and verbal communication skills with the ability to articulate complex technical concepts clearly
Bachelor's degree required

Preferred

Familiarity with Zero Trust security principles applied to non-human identities and workloads
Experience integrating IAM telemetry with SOC and security monitoring tools
Background working in regulated or enterprise-scale environments

Benefits

Optional benefit offerings include medical, dental, vision and retirement benefits via Tundra Technical Solutions

Company

For more than 240 years BNY has partnered alongside clients, using its expertise and platforms to help them operate more efficiently and accelerate growth.

Funding

Current Stage
Late Stage

Leadership Team

Brian A. Ruane
CEO Government Securities Services & Global Client Management
Chris Kearns
CEO, Depositary Receipts
Company data provided by crunchbase