Corporate Vice President - Access Management & Authentication Engineer
Listed on 2026-02-07
- IT/Tech: Cybersecurity, Systems Engineer
- Engineering: Cybersecurity, Systems Engineer
Overview
Location Designation: Hybrid - 3 days per quarter
The Access Management & Authentication Lead Engineer is a senior, hands-on technical leader responsible for the design, engineering, and governance of enterprise-wide authentication, federation, and web access management (WAM) capabilities across New York Life. This role serves as the technical authority for access management and authentication, including SSO, federation, modern and passwordless authentication, MFA, API authorization, and secure session management. The engineer partners with application, cloud, API, and platform teams to modernize authentication architectures while ensuring strong security posture, regulatory alignment, and consistent enforcement of access controls across hybrid and cloud environments.
In addition to engineering leadership, the role participates in security architecture and assessment activities, including the Security Review Board (SRB), identity-focused architecture reviews, and the development and governance of authentication and access management standards, patterns, and guardrails. The role acts as a trusted advisor to engineering and security leadership, influencing design decisions, defining reusable access patterns, and ensuring authentication and authorization controls are consistently applied across traditional applications, APIs, cloud platforms, and emerging AI-enabled systems.
What You’ll Do
IAM Engineering
- Lead the design, engineering, and evolution of enterprise web access management (WAM) and authentication platforms supporting workforce and application access.
- Architect and expand single sign-on (SSO) and federation services using industry-standard identity and authorization protocols.
- Define and implement modern authentication strategies, including passwordless, phishing-resistant, and strong customer authentication approaches.
- Design and govern multi-factor authentication (MFA) frameworks, including adaptive, risk-based, and step-up authentication models.
- Engineer secure session management and token lifecycle controls, ensuring appropriate re-authentication, session integrity, and privilege enforcement.
- Design and integrate API authorization and access control patterns, aligning OAuth-based authorization with API gateways and platform services.
- Apply public key infrastructure (PKI) and cryptographic trust models to authentication, federation, and service-to-service access.
- Establish reusable authentication and access management patterns, guardrails, and reference architectures across web, mobile, API, and cloud environments.
- Serve as the technical authority for access management and authentication, advising architecture reviews, security assessments, and engineering teams on secure design decisions.
Security Assessments
- Perform security assessments of applications, cloud workloads, identity architectures, and vendor solutions, focusing on IAM, cloud identity, and non-human identity risks.
- Serve as a senior technical contributor within the SRB, leading identity-focused reviews and influencing secure architecture decisions.
- Conduct deep technical analysis of authentication flows, authorization models, role and attribute design, privilege paths, and non-human identity usage.
- Identify security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload identity, and recommend remediation strategies.
- Support the Information Security exception lifecycle, including risk analysis and documentation, evaluation of compensating controls, and reassessment/expiration management.
- Develop, update, and govern IAM and identity-related Security Technical Standards, reference architectures, and implementation guidance.
- Define and maintain reusable security patterns, guardrails, and assessment criteria to improve consistency across SRB reviews and security assessments.
- Partner with Architecture, Risk, and Engineering teams to resolve findings and guide teams toward compliant, secure designs.
- Clearly articulate technical risks, tradeoffs, and recommendations to senior technology and security leadership.
- Track and assess emerging risks related to cloud privilege models, non-human identities, automation, and AI-enabled systems.
What You’ll Bring
- Bachelor’s degree in Computer Science, Information Systems, or equivalent practical experience.
- 10+ years of experience in Identity & Access Management, with deep specialization in access management, authentication, and federation technologies.
- Proven experience designing, engineering, and operating enterprise Web Access Management (WAM) platforms supporting large-scale workforce and application authentication.
- Hands-on experience with enterprise federation and access management platforms, such as Ping Federate, Ping Protect, or similar technologies, including authentication policy design, federation trust configuration, and token services.
- Expert-level knowledge of authentication, authorization, and federation protocols, including SAML 2.0, OAuth 2.0, and OpenID Connect.
- Strong experience…