Corporate Vice President: IAM & AI Security Engineer

Location Designation: Hybrid - 3 days per quarter 

Identity & Access Management (IAM) + AI Security Engineer

As part of Technology, you'll have the opportunity to contribute to groundbreaking initiatives that shape New York Life's digital landscape. Leverage cutting-edge technologies like Generative AI to increase productivity, streamline processes, and create seamless experiences for clients, agents, and employees. Your expertise fuels innovation, agility, and growth — driving the company's success.

The Cyber Resiliency Lead role is responsible for developing, implementing, and overseeing cyber resilience strategies that strengthen the organization’s ability to withstand and recover from advanced cyber disruptions across core technology layers. This role will be part of the first line cybersecurity team within NYL’s Information Technology Department. Responsibilities include resilience planning for core technology infrastructure and applications, as well as driving integration of cyber scenarios into disaster recovery (DR), business continuity (BC), and enterprise resilience efforts. The role serves as the critical bridge between cybersecurity, enterprise technology, and enterprise risk management. 

What You’ll Do:

The IAM + AI Security Engineer is a senior, hands-on technical role responsible for designing, engineering, and modernizing New York Life’s Identity & Access Management (IAM) capabilities across all core IAM domains, including Identity Governance & Administration (IGA), Web Access Management (WAM), Privileged Access Management (PAM), and Directory Services.

This role requires deep expertise in IAM engineering and security architecture, with the ability to design scalable, resilient identity solutions across hybrid and cloud environments. The engineer will serve as a technical leader within the IAM function, applying established security design patterns while evolving identity services to meet emerging enterprise needs.

As New York Life expands its adoption of AI, ML, and agentic systems, this position will extend traditional IAM principles to support non-human identities, machine and workload identities, and autonomous AI agents. The engineer will help define how AI agents are authenticated, authorized, governed, and monitored, ensuring that autonomous actions remain secure, auditable, and aligned with enterprise risk and regulatory requirements.

The IAM + AI Security Engineer will work closely with Cybersecurity Architecture, Cloud Platform, AI Engineering, and Application teams to integrate identity controls into modern platforms, including cloud-native services, AI pipelines, and agent orchestration frameworks. This role balances hands-on engineering, solution design, and architectural influence, and is expected to contribute meaningfully to standards, patterns, and roadmaps without being purely strategic.

Successful candidates will bring 10+ years of experience across multiple IAM domains, strong cloud and security architecture knowledge, and practical experience applying IAM controls to AI-enabled or highly automated systems. 

• Design and implement identity, authentication, and authorization solutions for AI-enabled and agentic systems, treating AI agents as first-class non-human identities.
• Define and enforce lifecycle management, access controls, and revocation for autonomous agents, machine identities, and service accounts.
• Implement delegated and “on-behalf-of” authorization patterns to clearly distinguish human-initiated actions from agent-initiated actions for audit and compliance.
• Apply least-privilege and scope-limiting controls to prevent privilege escalation in automated and multi-agent workflows.
• Design, engineer, and support enterprise IAM solutions across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services.
• Lead identity lifecycle processes, including provisioning, access governance, certifications, and de-provisioning for human and non-human identities.
• Engineer and support privileged access capabilities, including just-in-time access, credential vaulting, and session management.
• Design and integrate directory and federation services, including Active Directory, Entra/Azure AD, LDAP, SAML, and OpenID Connect (OIDC).
• Apply security architecture principles and IAM design patterns to deliver scalable, resilient, and compliant identity solutions.
• Integrate IAM capabilities across hybrid and cloud environments, with strong hands-on experience in AWS and GCP.
• Implement and support modern authentication and authorization frameworks, including OAuth 2.0, MFA, and passwordless authentication.
• Partner with Cybersecurity Architecture, Cloud, and Application teams to ensure IAM solutions meet security, risk, and regulatory requirements.
• Troubleshoot and resolve complex IAM-related authentication, authorization, and integration issues.
• Integrate IAM controls into AI/ML pipelines and automation frameworks, enabling real-time authorization, logging, and monitoring of agent activity.
• Collaborate with AI platform and infrastructure teams to support identity-aware enforcement of execution boundaries and access controls.
• Serve as a senior technical contributor within the IAM function, providing design guidance and technical mentoring.
• Contribute to the development of IAM and AI identity standards, reference architectures, and reusable engineering patterns.
• Evaluate emerging identity, cloud, and AI security technologies to inform platform enhancements and engineering roadmap decisions.

AI and Future-Facing Responsibilities

• Identity Threat Defense: Engineer IAM controls to mitigate AI-driven risks, including synthetic identities, AI-enabled credential abuse, deepfake impersonation, and adaptive MFA bypass techniques.
• AI/ML-Enabled IAM Capabilities: Design and integrate AI/ML-driven solutions for anomaly detection, risk scoring, intelligent access governance, and adaptive authentication.
• Non-Human Identity (NHI) Governance: Build and enforce lifecycle governance for service accounts, APIs, bots, and autonomous AI agents using just-in-time access and least-privilege principles.
• AI Model & Agent Access Control: Treat AI models and agents as privileged entities and implement role-based and attribute-based authorization for model access, training, and invocation.
• Automation and Integration: Develop automation (e.g., Python, PowerShell, Java) to integrate IAM with AI platforms, security orchestration, and operational workflows.

What You’ll Bring:

• Bachelor’s degree in Computer Science, Information Systems, Engineering, or equivalent practical experience.
• 10+ years of hands-on experience in identity, access management, and security engineering, including 7+ years operating across multiple IAM domains such as Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services.
• Experience securing and integrating agentic and AI platforms (e.g., AWS Bedrock, LangChain-based or similar frameworks), applying security-first patterns such as prompt injection mitigation, secure authentication (OAuth2/OIDC), and execution isolation.
• Working knowledge of multi-agent orchestration, retrieval-augmented generation (RAG) architectures, vector databases, and MCP integrations, with emphasis on identity, access control, and governance.
• Demonstrated experience designing and implementing IAM solutions using security architecture principles and established design patterns in large, complex environments.
• 2–3+ years of hands-on experience securing or integrating AI/ML or agentic systems, including applying identity, authentication, and authorization controls to AI-enabled or highly automated workflows.
• Proven experience managing non-human identities, including service accounts, APIs, workloads, and automated agents, using least-privilege and lifecycle governance principles.
• Strong experience with cloud identity and access management, with hands-on expertise in AWS and GCP.
• Deep understanding of identity and access protocols and standards, including OAuth 2.0, OpenID Connect (OIDC), SAML, LDAP, and modern token-based authorization models.
• Experience implementing and supporting modern authentication mechanisms, including MFA and passwordless authentication.
• Strong scripting and automation skills (e.g., Python, PowerShell, Java) to integrate IAM platforms with cloud, AI, and security tooling.
• Solid understanding of security, risk, and compliance requirements applicable to IAM in regulated environments.
• Ability to work effectively in a team-oriented, collaborative environment, with strong problem-solving skills.

Preferred Qualifications

• Experience integrating IAM controls into AI/ML platforms, pipelines, or agent orchestration frameworks.
• Familiarity with machine and workload identity standards and tooling (e.g., SPIFFE, workload identity federation, secrets management).
• Exposure to policy-as-code and fine-grained authorization models (e.g., OPA, Cedar, attribute-based access control).
• Experience supporting Zero Trust architectures and cloud-native security patterns.
• Prior experience in a large enterprise or financial services environment.
• Relevant IAM or security certifications (e.g., SailPoint, CyberArk, Ping Identity, cloud security certifications).

​

Pay Transparency

Salary Range: $144,000-$205,500 

Overtime eligible: Exempt 

Discretionary bonus eligible: Yes 

Sales bonus eligible: No 

Actual base salary will be determined based on several factors but not limited to individual’s experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.

Our Benefits

We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work. Click here to discover more about our comprehensive benefit options or visit our NYL Benefits Site.

Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life’s leadership in this space.​

Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com.

​Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.

Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees’ needs.

Job Requisition ID: 93165