Corporate Vice President - Lead AI Engineer, Identity & Access Management

New York Life Insurance Co
Remote, any
Hybrid

About The Position

The Lead AI Engineer, Identity & Access Management is a senior, hands-on technical role that blends deep Identity & Access Management expertise with modern AI engineering capability. This is not a purely advisory or architectural position. We are looking for a builder and a leader: someone who can design, develop, and deliver production-grade agentic systems while also setting the technical direction, mentoring others, and representing the CISO organization at the enterprise level. This individual will own three critical, interconnected bodies of work that are central to New York Life’s Cybersecurity strategy:

  • IAM Orchestration & MCP Gateway: Own the engineering and enterprise adoption of New York Life’s IAM Orchestration and MCP Identity Gateway capability. This includes driving onboarding of internal teams and AI agents, governing authentication, delegation, authorization, and policy enforcement across human and non-human access patterns, and leading integration efforts across the enterprise identity stack.
  • Cyber Multi-Agent Ecosystem – Engineering & Delivery: Serve as the primary AI engineer and technical lead responsible for building and delivering the Cyber Multi-Agent Ecosystem Vision. This is the core of the role: architecting and developing a centralized, governed, agentic platform that transforms Cyber and IAM operations through intelligent automation, orchestrated AI agents, MCP tooling, and a unified identity and data layer, deployed on Google Cloud Platform (Gemini Enterprise Agent Platform, FKA Vertex AI) and/or Amazon AgentCore.
  • AI Security Review Board (SRB) Representation: Represent the CISO organization on the Enterprise Security Review Board for all AI-related submissions. The engineer will assess AI system proposals, evaluate agentic and non-human identity risks, and provide authoritative security guidance to ensure all AI deployments meet enterprise governance and compliance requirements.
Successful candidates will have a strong software and systems engineering foundation, hands-on experience building agentic and AI systems on Gemini Enterprise Agent Platform (FKA Vertex) and/or Amazon AgentCore, and the leadership presence to drive cross-functional delivery and represent Cybersecurity at the enterprise level. This role is as much about building the future as it is about securing it.

Requirements

  • Strong hands-on experience with agent frameworks such as LangGraph, ADK (Agent Development Kit), AutoGen, or equivalent programmatic agent frameworks
  • Experience designing and building multi-agent systems, including planning, tool execution, and orchestration patterns
  • Strong prompt engineering and evaluation skills for production-grade systems
  • Experience designing short-term and long-term memory architectures for AI agents
  • Strong understanding of conversation/session state management and persistence strategies
  • Hands-on experience with vector databases and retrieval-based memory systems
  • Familiarity with state stores such as Redis, Firestore, Postgres, or equivalent
  • Experience building agent-consumable tools and function interfaces using schema-driven APIs
  • Strong understanding of Model Context Protocol (MCP) and tool abstraction patterns
  • Experience designing and exposing secure, identity-aware APIs using OAuth2, mTLS, service accounts, and secrets management
  • Strong hands-on experience with Google Cloud Platform (Gemini Enterprise Agent Platform (FKA Vertex) preferred)
  • Experience with Amazon AgentCore or AWS Bedrock Agents is a plus
  • Deep IAM expertise across IGA, PAM, WAM, Active Directory, and LDAP
  • Hands-on experience with SailPoint IIQ, CyberArk, PingIdentity, and directory services
  • Strong understanding of SIEM platforms and identity-related threat patterns, including privilege escalation, anomalous access, and insider risk
  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or equivalent practical experience.
  • 10+ years of combined experience in identity & access management, security engineering, and/or AI/software engineering — with a demonstrated track record of both hands-on development and technical leadership.
  • Strong hands-on experience building and deploying AI agents and agentic pipelines on Google Cloud Platform (GCP), with specific expertise in Gemini Enterprise Agent Platform (FKA Vertex).
  • Hands-on experience with Amazon AgentCore or equivalent managed agentic AI frameworks (e.g., AWS Bedrock Agents) for deploying and securing AI agent workflows at scale.
  • Demonstrated experience as an AI engineer or AI developer: writing production code, building agent frameworks, integrating LLMs into operational systems, and designing multi-agent orchestration architectures.
  • Working knowledge of multi-agent orchestration patterns, retrieval-augmented generation (RAG) architectures, vector databases, MCP tooling, and Agent-to-Agent (A2A) communication protocols.
  • Experience building or operating an IAM Orchestration or MCP Identity Gateway platform, with hands-on knowledge of OAuth 2.0 token flows, policy-as-code enforcement (OPA or equivalent), and identity-aware API gateway patterns.
  • Experience securing agentic systems against prompt injection, privilege escalation, execution boundary violations, and unsafe automation, embedding these controls into the development lifecycle.
  • 7+ years of IAM domain experience across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and/or Directory Services.
  • Proven experience managing non-human identities (service accounts, APIs, workloads, autonomous agents) using least privilege and lifecycle governance principles.
  • Deep understanding of identity and access protocols: OAuth 2.0, OpenID Connect (OIDC), SAML, LDAP, and modern token-based authorization models.
  • Strong software engineering and automation skills (Python, PowerShell, Java or equivalent) with demonstrated ability to deliver production systems, not just prototypes.
  • Experience with enterprise IAM platforms such as SailPoint (IGA), CyberArk (PAM), PingFederate/PingIdentity (WAM/Federation), and directory services (Active Directory, LDAP).
  • Demonstrated ability to lead cross-functional technical delivery, mentor engineers, and drive alignment across organizational boundaries.
  • Strong communication skills and the ability to articulate complex AI and security concepts clearly to both technical teams and executive or governance audiences.

Nice To Haves

  • Familiarity with machine and workload identity standards (e.g., SPIFFE/SPIRE, workload identity federation, secrets management).
  • Experience designing Agent Card standards, Central Agent Registries, and governed A2A communication frameworks in a multi-agent environment.
  • Experience establishing AI inventory and lifecycle management practices for autonomous agents in enterprise production environments.
  • Exposure to policy-as-code and fine-grained authorization models beyond OPA (e.g., Cedar, attribute-based access control frameworks).
  • Experience supporting Zero Trust architectures and cloud-native security patterns.
  • Prior experience serving on or supporting a Security Review Board or Architecture Review Board, particularly for AI or cloud system proposals.
  • Prior experience in a large enterprise or regulated financial services environment.
  • Relevant certifications (e.g., Google Professional Cloud Security Engineer, Google Professional ML Engineer, AWS Security Specialty, AWS Machine Learning Specialty, SailPoint, CyberArk, CISSP, CISM).

Responsibilities

  • Own the engineering, configuration, and ongoing operation of the enterprise IAM Orchestration and MCP Identity Gateway platform.
  • Drive onboarding and adoption across internal teams, applications, and AI agents, serving as the primary technical point of contact for integration efforts.
  • Engineer and maintain the gateway as the centralized enforcement layer for OAuth 2.0-based authentication, token delegation, and policy-driven authorization (via OPA) across human and non-human access patterns.
  • Design and implement MCP integrations that expose backend enterprise systems as standardized, secure tool endpoints consumable by AI agents.
  • Ensure the platform provides robust rate limiting, quota management, kill-switch controls, and full audit logging in alignment with enterprise risk and compliance requirements.
  • Collaborate with identity platform teams (IDP, PAM, IGA, Directory Services) to maintain seamless identity orchestration across the enterprise stack.
  • Define and execute an integration roadmap to extend gateway capabilities, including human-in-the-loop controls and cross-cloud identity flows.
  • Lead the design, development, and phased delivery of the Cyber Multi-Agent Ecosystem, functioning as the primary AI engineer and technical lead for the initiative.
  • Architect and implement a centralized, multi-agent platform on Gemini Enterprise Agent Platform (FKA Vertex) and/or Amazon AgentCore, integrating MCP tooling, vector databases, and retrieval-augmented generation (RAG) architectures for intelligent Cyber and IAM automation.
  • Develop and operationalize AI agents across Cyber sub-domains including Identity Governance (UAG), Privileged Access Management (PAM), Web Access Management (WAM), Active Directory, and LDAP, enabling end-to-end workflow automation and near real-time SLAs.
  • Design and implement Agent Card standards, a Central Agent Registry, and Agent-to-Agent (A2A) communication protocols to support a governed, extensible multi-agent operating model.
  • Build an OPA-based policy engine for runtime authorization, Separation of Duties (SoD) enforcement, and governance across all agents and pipelines.
  • Establish AI inventory and lifecycle management practices to ensure all deployed agents are registered, governed, audited, and compliant with enterprise security standards.
  • Define and enforce Secure Development & Deployment (SDD) guardrails for the agentic ecosystem, including controls for prompt injection mitigation, execution isolation, and unsafe automation prevention.
  • Partner with AI platform, data engineering, and cloud infrastructure teams to architect and finalize the unified data layer (databases, vector stores, caching) that underpins the agentic ecosystem.
  • Provide technical leadership and mentorship to sub-domain teams (UAG, PAM, WAM, AD, LDAP), enabling each team to contribute agents and tools aligned to central standards.
  • Maintain strong delivery governance — managing the linkage between Jira backlog, agent development, and production execution to ensure traceability and accountability end-to-end.
  • Drive POC-first, incrementally scaled rollout across IAM domains, building reusable agentic components centrally for re-use across the ecosystem.
  • Serve as the CISO organization’s designated representative on the Enterprise Security Review Board (SRB), providing authoritative security assessment and approval recommendations for all AI-related submissions.
  • Assess AI system and agentic workflow proposals for security risk, including prompt injection, privilege escalation, unauthorized data access, synthetic identity abuse, and unsafe automation patterns.
  • Evaluate proposed AI architectures for alignment with enterprise IAM, zero trust, and cloud security standards prior to production approval.
  • Provide clear, actionable security guidance and remediation requirements to AI development and product teams during the SRB process.
  • Maintain and evolve the enterprise AI security governance framework, contributing to standards, guardrails, and reference architectures leveraged across the organization.
  • Represent the CISO organization credibly across cross-functional governance forums, including Architecture Review Boards and enterprise AI working groups.
  • Design and implement identity, authentication, and authorization solutions for both traditional and AI-enabled systems, treating AI agents as first-class non-human identities.
  • Define and enforce lifecycle management, access controls, and revocation for autonomous agents, machine identities, and service accounts using least-privilege principles.
  • Implement delegated and “on-behalf-of” authorization patterns to distinguish human-initiated from agent-initiated actions for audit and compliance purposes.
  • Apply least-privilege and scope-limiting controls to prevent privilege escalation in automated and multi-agent workflows.
  • Design and support enterprise IAM solutions across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services.
  • Integrate IAM controls across hybrid and cloud environments, with strong hands-on experience in GCP and AWS.
  • Implement modern authentication and authorization frameworks including OAuth 2.0, MFA, and passwordless authentication.

Benefits

  • Leave programs
  • Adoption assistance
  • Student loan repayment programs
© 2026 Teal Labs, Inc