Corporate Vice President - Access Management & Authentication Engineer jobs in United States

New York Life Insurance Company · 3 hours ago

Corporate Vice President - Access Management & Authentication Engineer

New York Life Insurance Company is a Fortune 100 mutual company committed to integrity and purpose. They are seeking a senior technical leader responsible for the design, engineering, and governance of enterprise-wide authentication and access management capabilities.

Finance · Financial Services · Insurance
H1B Sponsor Likely

Responsibilities

Lead the design, engineering, and evolution of enterprise web access management (WAM) and authentication platforms supporting workforce and application access
Architect and expand single sign-on (SSO) and federation services using industry-standard identity and authorization protocols
Define and implement modern authentication strategies, including passwordless, phishing-resistant, and strong customer authentication approaches
Design and govern multi-factor authentication (MFA) frameworks, including adaptive, risk-based, and step-up authentication models
Engineer secure session management and token lifecycle controls, ensuring appropriate re-authentication, session integrity, and privilege enforcement
Design and integrate API authorization and access control patterns, aligning OAuth-based authorization with API gateways and platform services
Apply public key infrastructure (PKI) and cryptographic trust models to authentication, federation, and service-to-service access
Establish reusable authentication and access management patterns, guardrails, and reference architectures across web, mobile, API, and cloud environments
Serve as the technical authority for access management and authentication, advising architecture reviews, security assessments, and engineering teams on secure design decisions
Perform security assessments of applications, cloud workloads, identity architectures, and vendor solutions, with a primary focus on IAM, cloud identity, and non-human identity risks
Serve as a senior technical contributor within the Security Review Board (SRB), leading identity-focused reviews and influencing secure architecture decisions
Conduct deep technical analysis of authentication flows, authorization models, role and attribute design, privilege paths, and non-human identity usage
Identify security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload identity, and recommend remediation strategies
Support the Information Security exception lifecycle, including risk analysis and documentation, evaluation of compensating controls, and reassessment and expiration management
Develop, update, and govern IAM and identity-related Security Technical Standards, reference architectures, and implementation guidance
Define and maintain reusable security patterns, guardrails, and assessment criteria to improve consistency across SRB reviews and security assessments
Partner with Architecture, Risk, and Engineering teams to resolve findings and guide teams toward compliant, secure designs
Clearly articulate technical risks, tradeoffs, and recommendations to senior technology and security leadership
Track and assess emerging risks related to cloud privilege models, non-human identities, automation, and AI-enabled systems

Qualification

Identity & Access Management · Single Sign-On (SSO) · Multi-Factor Authentication (MFA) · API Authorization · Authentication Protocols · Web Access Management (WAM) · Federation Technologies · Public Key Infrastructure (PKI) · Linux OS · OAuth 2.0 · OpenID Connect · Soft Skills

Required

Bachelor's degree in Computer Science, Information Systems, or equivalent practical experience
10+ years of experience in Identity & Access Management, with deep specialization in access management, authentication, and federation technologies
Proven experience designing, engineering, and operating enterprise Web Access Management (WAM) platforms supporting large-scale workforce and application authentication
Hands-on experience with enterprise federation and access management platforms, such as PingFederate, PingProtect, or similar technologies, including authentication policy design, federation trust configuration, and token services
Expert-level knowledge of authentication, authorization, and federation protocols, including SAML 2.0, OAuth 2.0, and OpenID Connect
Strong experience architecting and scaling single sign-on (SSO) and federated identity solutions across web, mobile, API, and cloud-native environments
Demonstrated experience implementing modern authentication approaches, including passwordless and phishing-resistant authentication methods
Deep understanding of multi-factor authentication (MFA) models, including adaptive, risk-based, and step-up authentication strategies
Understanding of the Linux OS
Understanding of LDAP
Hands-on experience with API authorization and access control, including OAuth-based authorization flows and integration with API gateways or platform services
Strong knowledge of session management, token security, and identity token lifecycle controls, including re-authentication and privilege elevation patterns
Practical experience applying public key infrastructure (PKI), certificate-based authentication, and cryptographic trust models within access management and authentication architectures
Ability to serve as a technical authority and design reviewer, influencing architecture decisions and guiding engineering teams toward secure, scalable authentication solutions

Preferred

Proven experience delivering phishing-resistant, passwordless authentication at enterprise scale, including passkeys, FIDO2, and hardware-backed authenticators
Hands-on experience with adaptive, continuous, or risk-based authentication models, incorporating behavioral, device, and contextual signals
Strong understanding of Zero Trust access principles applied to workforce, application, and API authentication and authorization
Experience securing modern API and distributed architectures, including OAuth token exchange, delegation, and fine-grained authorization patterns
Familiarity with identity assurance and authentication strength frameworks, including step-up verification for sensitive or high-risk transactions
Experience applying modern trust and identity models for non-human and workload identities, such as SPIFFE/SPIRE, service-to-service authentication, or mTLS-based access patterns
Exposure to AI-enabled and agent-based access models, including authentication and authorization considerations for AI systems, agents, or platforms (e.g., MCP-based identity contexts, AI service identities, or policy enforcement for AI-driven workflows)
Experience with Windows OS
Experience with AWS and Kubernetes
Understanding of network flows and topology
Hands-on experience with passwordless authentication platforms, such as HYPR or similar FIDO2 / passkey-based solutions
Programming experience

Benefits

Leave programs
Adoption assistance
Student loan repayment programs

Company

New York Life Insurance Company

For over 180 years, we’ve helped turn your biggest dreams into milestones that last a lifetime.

H1B Sponsorship

New York Life Insurance Company has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (149)
2024 (99)
2023 (85)
2022 (77)
2021 (48)
2020 (65)

Funding

Current Stage
Late Stage

Leadership Team

Don Vu
Senior Vice President, Chief Data & Analytics Officer
Deepa Soni
Executive Vice President and Chief Information Officer
Company data provided by crunchbase