[Remote] Corporate Vice President - Lead AI Engineer, Identity & Access Management Job Details | New York Life Insurance Co

Remote · USA Full-time New today

Note: This is a remote job open to candidates in the USA. New York Life is a Fortune 100 mutual company with a legacy of purpose and integrity. They are seeking a Lead AI Engineer in Identity & Access Management to design, develop, and deliver AI-driven solutions while providing technical leadership and mentorship across the cybersecurity team.

Responsibilities

  • Own the engineering, configuration, and ongoing operation of the enterprise IAM Orchestration and MCP Identity Gateway platform
  • Drive onboarding and adoption across internal teams, applications, and AI agents, serving as the primary technical point of contact for integration efforts
  • Engineer and maintain the gateway as the centralized enforcement layer for OAuth 2.0-based authentication, token delegation, and policy-driven authorization (via OPA) across human and non-human access patterns
  • Design and implement MCP integrations that expose backend enterprise systems as standardized, secure tool endpoints consumable by AI agents
  • Ensure the platform provides robust rate limiting, quota management, kill-switch controls, and full audit logging in alignment with enterprise risk and compliance requirements
  • Collaborate with identity platform teams (IDP, PAM, IGA, Directory Services) to maintain seamless identity orchestration across the enterprise stack
  • Define and execute an integration roadmap to extend gateway capabilities, including human-in-the-loop controls and cross-cloud identity flows
  • Lead the design, development, and phased delivery of the Cyber Multi-Agent Ecosystem, functioning as the primary AI engineer and technical lead for the initiative
  • Architect and implement a centralized, multi-agent platform on Gemini Enterprise Agent Platform (FKA Vertex) and/or Amazon AgentCore, integrating MCP tooling, vector databases, and retrieval-augmented generation (RAG) architectures for intelligent Cyber and IAM automation
  • Develop and operationalize AI agents across Cyber sub-domains including Identity Governance (UAG), Privileged Access Management (PAM), Web Access Management (WAM), Active Directory, and LDAP, enabling end-to-end workflow automation and near real-time SLAs
  • Design and implement Agent Card standards, a Central Agent Registry, and Agent-to-Agent (A2A) communication protocols to support a governed, extensible multi-agent operating model
  • Build an OPA-based policy engine for runtime authorization, Separation of Duties (SoD) enforcement, and governance across all agents and pipelines
  • Establish AI inventory and lifecycle management practices to ensure all deployed agents are registered, governed, audited, and compliant with enterprise security standards
  • Define and enforce Secure Development & Deployment (SDD) guardrails for the agentic ecosystem, including controls for prompt injection mitigation, execution isolation, and unsafe automation prevention
  • Partner with AI platform, data engineering, and cloud infrastructure teams to architect and finalize the unified data layer (databases, vector stores, caching) that underpins the agentic ecosystem
  • Provide technical leadership and mentorship to sub-domain teams (UAG, PAM, WAM, AD, LDAP), enabling each team to contribute agents and tools aligned to central standards
  • Maintain strong delivery governance — managing the linkage between Jira backlog, agent development, and production execution to ensure traceability and accountability end-to-end
  • Drive POC-first, incrementally scaled rollout across IAM domains, building reusable agentic components centrally for re-use across the ecosystem
  • Serve as the CISO organization’s designated representative on the Enterprise Security Review Board (SRB), providing authoritative security assessment and approval recommendations for all AI-related submissions
  • Assess AI system and agentic workflow proposals for security risk, including prompt injection, privilege escalation, unauthorized data access, synthetic identity abuse, and unsafe automation patterns
  • Evaluate proposed AI architectures for alignment with enterprise IAM, zero trust, and cloud security standards prior to production approval
  • Provide clear, actionable security guidance and remediation requirements to AI development and product teams during the SRB process
  • Maintain and evolve the enterprise AI security governance framework, contributing to standards, guardrails, and reference architectures leveraged across the organization
  • Represent the CISO organization credibly across cross-functional governance forums, including Architecture Review Boards and enterprise AI working groups
  • Design and implement identity, authentication, and authorization solutions for both traditional and AI-enabled systems, treating AI agents as first-class non-human identities
  • Define and enforce lifecycle management, access controls, and revocation for autonomous agents, machine identities, and service accounts using least-privilege principles
  • Implement delegated and “on-behalf-of” authorization patterns to distinguish human-initiated from agent-initiated actions for audit and compliance purposes
  • Apply least-privilege and scope-limiting controls to prevent privilege escalation in automated and multi-agent workflows
  • Design and support enterprise IAM solutions across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services
  • Integrate IAM controls across hybrid and cloud environments, with strong hands-on experience in GCP and AWS
  • Implement modern authentication and authorization frameworks including OAuth 2.0, MFA, and passwordless authentication

Skills

  • Bachelor's degree in Computer Science, Information Systems, Engineering, or equivalent practical experience
  • 10+ years of combined experience in identity & access management, security engineering, and/or AI/software engineering — with a demonstrated track record of both hands-on development and technical leadership
  • Strong hands-on experience building and deploying AI agents and agentic pipelines on Google Cloud Platform (GCP), with specific expertise in Gemini Enterprise Agent Platform (FKA Vertex)
  • Hands-on experience with Amazon AgentCore or equivalent managed agentic AI frameworks (e.g., AWS Bedrock Agents) for deploying and securing AI agent workflows at scale
  • Demonstrated experience as an AI engineer or AI developer: writing production code, building agent frameworks, integrating LLMs into operational systems, and designing multi-agent orchestration architectures
  • Working knowledge of multi-agent orchestration patterns, retrieval-augmented generation (RAG) architectures, vector databases, MCP tooling, and Agent-to-Agent (A2A) communication protocols
  • Experience building or operating an IAM Orchestration or MCP Identity Gateway platform, with hands-on knowledge of OAuth 2.0 token flows, policy-as-code enforcement (OPA or equivalent), and identity-aware API gateway patterns
  • Experience securing agentic systems against prompt injection, privilege escalation, execution boundary violations, and unsafe automation, embedding these controls into the development lifecycle
  • 7+ years of IAM domain experience across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and/or Directory Services
  • Proven experience managing non-human identities (service accounts, APIs, workloads, autonomous agents) using least privilege and lifecycle governance principles
  • Deep understanding of identity and access protocols: OAuth 2.0, OpenID Connect (OIDC), SAML, LDAP, and modern token-based authorization models
  • Strong software engineering and automation skills (Python, PowerShell, Java or equivalent) with demonstrated ability to deliver production systems, not just prototypes
  • Experience with enterprise IAM platforms such as SailPoint (IGA), CyberArk (PAM), PingFederate/PingIdentity (WAM/Federation), and directory services (Active Directory, LDAP)
  • Demonstrated ability to lead cross-functional technical delivery, mentor engineers, and drive alignment across organizational boundaries
  • Strong communication skills, with the ability to articulate complex AI and security concepts clearly to both technical teams and executive or governance audiences
  • Familiarity with machine and workload identity standards (e.g., SPIFFE/SPIRE, workload identity federation, secrets management)
  • Experience designing Agent Card standards, Central Agent Registries, and governed A2A communication frameworks in a multi-agent environment
  • Experience establishing AI inventory and lifecycle management practices for autonomous agents in enterprise production environments
  • Exposure to policy-as-code and fine-grained authorization models beyond OPA (e.g., Cedar, attribute-based access control frameworks)
  • Experience supporting Zero Trust architectures and cloud-native security patterns
  • Prior experience serving on or supporting a Security Review Board or Architecture Review Board, particularly for AI or cloud system proposals
  • Prior experience in a large enterprise or regulated financial services environment
  • Relevant certifications (e.g., Google Professional Cloud Security Engineer, Google Professional ML Engineer, AWS Security Specialty, AWS Machine Learning Specialty, SailPoint, CyberArk, CISSP, CISM)

Benefits

  • Overtime eligible: Exempt
  • Discretionary bonus eligible: Yes
  • Sales bonus eligible: No
  • Additionally, employees are eligible for an annual discretionary bonus.
  • In addition to base salary, employees may also be eligible to participate in an incentive program.
  • We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs.
  • Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work.

Company Overview

  • For over 180 years, we’ve helped turn your biggest dreams into milestones that last a lifetime. It was founded in 1845, and is headquartered in Leawood, Kansas, USA, with a workforce of 10001+ employees. Its website is https://www.newyorklife.com/amn.

Company H1B Sponsorship

  • New York Life has a track record of offering H1B sponsorships, with 19 in 2026, 148 in 2025, 99 in 2024, 85 in 2023, 77 in 2022, 48 in 2021, 65 in 2020. Please note that this does not guarantee sponsorship for this specific role.