Who we are looking for

As an Infrastructure Access management team, AVP you will be a member of our highly technical production support team, who supports security for the unstructured data environment. You will be focused on the daily goal of meeting established business Service Level Agreements (SLAs) and/or Service Level Objectives (SLOs) for the bank's internal/external customers, through the utilization of the Enterprise monitoring and triage tools provided. Emphasis on problem resolution, root cause investigation, third level problem detection, vendor engagement, maintenance of event/outage logs and assistance with hardware and software patch/product updates.

What you will be responsible for

As Infrastructure Access Management Engineer, AVP you will

- Collaborate with cross-functional teams to ensure PAM controls align with business requirements and industry best practices.
- Develop and enforce policies and procedures for managing privileged accounts across the organization.
- Create, update, and retire privileged accounts across systems, applications, and infrastructure
- Onboard target systems, accounts, and applications into the PAM solution (e.g., CyberArk, BeyondTrust, Thycotic).
- Manage automated password rotations and ensure compliance with password policies.
- Reconcile accounts with source-of-truth systems (e.g., Active Directory, HR systems).
- Manage safe structures, vault permissions, platform configurations, policies, and access workflows
- Ensure privileged passwords, SSH keys, and certificates are properly vaulted and rotated.
- Handle break-glass and emergency access requests.
- Monitor and maintain vault health and storage utilization
- Configure session recording, proxying, and monitoring capabilities.
- Investigate and escalate suspicious privileged activity captured through session monitoring tools.
- Ensure that session logs are retained, encrypted, and auditable.
- Integrate PAM tooling with on-prem and cloud workloads (Windows, Linux, DB servers, SaaS apps, etc.).
- Work with application owners to onboard service accounts, application identities, and secrets.
- Build automation scripts for account onboarding (API, REST, PowerShell, Python).
- Define and maintain access policies such as:
  - Least privilege
  - Just‑in‑time access (JIT/JEA)
  - Password rotation policies
  - MFA and approval workflows
- Ensure alignment with regulatory frameworks (SOX, PCI‑DSS, ISO 27001, NIST).
- Maintain role definitions and segregation-of-duties (SoD) controls.
- Monitor privileged access alerts from SIEM tools (e.g., Sentinel, Splunk).
- Investigate anomalous privileged behavior and coordinate with SOC or IR teams.
- Participate in root‑cause analysis for privilege-related incidents.
- Maintain PAM infrastructure including vault servers, session managers, connectors, agents, and load balancers.
- Perform patching, upgrades, high‑availability testing, and DR/BCP planning.
- Review platform health dashboards and troubleshoot runtime failures.
- Develop automation for password updates, onboarding, or compliance reporting.
- Implement DevOps secrets management practices (e.g., dynamic secrets, API integrations).
- Optimize privileged account lifecycle processes.
- Support internal/external auditors with evidence collection.
- Perform periodic access reviews and cleanup of unused or risky accounts.
- Provide L2/L3 support for PAM tools, policies, and integrations.
- Train developers, IT admins, and support staff on proper use of PAM tools.
- Maintain updated runbooks, knowledge base articles, and SOPs.
- management (SIEM) systems.
- Automate PAM processes and workflows to enhance efficiency and reduce manual errors.

What we value

These skills will help you succeed in this role.
- 10+ Years of IT experience with minimum 6+ years’ experience with Infrastructure Access Management and CyberArk or HashiCorp
- Ability to work within Production Management
- Flexibility
- Work with IDAM team to implement policies and definition.
- Training the team
- Develop and maintain PAM policies, standards, and procedures.
- Stay up to date with evolving PAM technologies, industry trends, and regulatory requirements related to privileged access.
- Produce audit-ready reports on privileged accounts, session logs, access approvals, and policy compliance.
- Participate in security incident response activities related to privileged access.
- Investigate security incidents involving privileged accounts, coordinate response efforts, and implement necessary remediation measures.

Education & Preferred Qualifications

- Bachelor’s degree in computer science, Information Security, or a related field.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Privileged Access Management Professional (CPAMP) are highly desirable.

Additional requirements

- Willing to work in 24x7 work environment.
- Being flexible
- Preferable working in Production support team
- Strong knowledge of Privileged Access Management principles, practices, and technologies, including privileged account management, session monitoring, and credential vaulting.
- Familiarity with industry-leading PAM solutions such as CyberArk, HashiCorp, Beyond Trust, or Thycotic.
- Experience with access control mechanisms, least privilege principles, and role-based access control (RBAC).
- Knowledge of security compliance standards and regulations, such as GDPR, HIPAA, and PCI DSS, related to privileged access.
- Proficiency in integrating PAM solutions with IAM platforms and SIEM systems.
- Strong problem-solving and analytical skills, with the ability to identify and mitigate risks associated with privileged access.
- Up-to-date knowledge of emerging PAM technologies, security threats, vulnerabilities, and industry trends.
- Strong knowledge on key access management concepts such as directory services, authentication, authorization, single sign-on, federation, multi-factor authentication (MFA), adaptive MFA, IdP, privilege access, etc.
- Strong understanding of how to implement concepts such as password less authentication, zero trust model, SASE, etc.
- Strong technical skills and experience in architecting and implementing at least one or more solutions such as SailPoint IIQ, SailPoint IdentityNow, One Identity, IBM IGI, Saviynt, ForgeRock, Okta, Microsoft Entra ID, Ping Identity, etc.
- Strong technical skills and experience in architecting and implementing at least one or more PAM solutions such as Beyond Trust PasswordSafe, Beyond Trust Privileged Remote Access, CyberArk, CyberArk Secrets Manager, Delinea, etc.

Are you the right candidate?

Yes! We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don’t necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit.

Why this role is important to us

Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We’re driving the company’s digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation. We offer a collaborative environment where technology skills and innovation are valued in a global organization.
We’re looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company. Join us if you want to grow your technical skills, solve real problems and make your mark on our industry.

Salary Range: $90,000 - $157,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans. For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success. We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential.
As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Job Type
Full-time
Career Level
Mid Level