Identity and Entitlement Architecture Lead

JOB TITLE

Identity and Entitlement Architecture Lead

A Career with point72’s technology team

As Point72 reimagines the future of investing, our Technology group is constantly improving our company’s IT infrastructure, positioning us at the forefront of a rapidly evolving technology landscape. We’re a team of experts experimenting, discovering new ways to harness the power of open-source solutions, and embracing enterprise agile methodology. We encourage professional development to ensure you bring innovative ideas to our products while satisfying your own intellectual curiosity.

The mission of our Information Security team is to ensure the development, implementation, and management of a comprehensive program that effectively protects the confidentiality, integrity, and availability of Point72 information assets. Our team is comprised of security professionals with expertise in a diverse portfolio of security disciplines.

What you’ll do

• Architect and implement a unified, scalable entitlement management framework across the firm, enabling consistent, policy-driven access across internal applications, cloud services, and AI ecosystems.

• Define and lead the development of role-based, attribute-based, and policy-based access control (RBAC, ABAC, PBAC) models tailored for both human and AI actors.

• Establish a governance and execution framework for secure identity propagation across agentic AI, multi-agent systems, and microservice control planes.

• Partner with AI platform teams to build access patterns for autonomous agents, ensuring support for dynamic delegation, trust chains, and secure decision-making boundaries.

• Design reusable identity middleware and entitlement APIs to accelerate adoption across the firm’s developer ecosystem.

• Manage and evolve the use of federated identity protocols (OAuth2, OIDC, SAML) and entitlements orchestration tools (e.g., OPA, Cedar, XACML).

• Build on our identity infrastructure by leveraging industry-standard platforms such as Okta, Microsoft Entra ID (formerly Azure AD), and on-premises Active Directory.

• Define the roadmap for entitlement observability and anomaly detection across identities and AI agents.

• Collaborate closely with Infrastructure Security, Cloud Engineering, Compliance, and Application Security to embed entitlement policies into all aspects of the firm’s security posture.

• Evaluate and integrate third-party identity and entitlement technologies as needed, balancing build vs. buy considerations.

What’s REQUIRED

• 10+ years of experience in identity and access management, including at least 5 years in entitlement design or identity architecture.

• Bachelor's degree in computer science, information security, or a related field.

• Strong track record of delivering secure IAM/entitlement solutions in regulated environments, ideally in financial services or high-security industries.

• Proven experience architecting or implementing policy-driven entitlement frameworks, including OPA, AWS Cedar, XACML, or custom engines.

• Familiarity with AI systems, including agentic and multi-agent control plane (MCP) architectures and their identity implications.

• Expertise in federated identity and delegated authorization models (OAuth2, OIDC, SCIM, etc.).

• Experience with Okta, Microsoft Entra ID (Azure AD), and Active Directory.

• Experience building identity-aware APIs, SDKs, or developer-facing entitlement interfaces.

• Experience aligning entitlement strategies with Zero Trust principles and identity-first security architectures.

• Exceptional communication skills with the ability to engage and influence technical and non-technical stakeholders.

• Commitment to the highest ethical standards.

We take care of our people

We invest in our people, their careers, their health, and their well-being. When you work here, we provide:

• Fully-paid health care benefits

• Generous parental and family leave policies

• Volunteer opportunities

• Support for employee-led affinity groups representing women, people of color and the LGBT+ community

• Mental and physical wellness programs

• Tuition assistance

• A 401(k) savings program with an employer match and more

About point72

Point72 is a leading global alternative investment firm led by Steven A. Cohen. Building on more than 30 years of investing experience, Point72 seeks to deliver superior returns for its investors through fundamental and systematic investing strategies across asset classes and geographies. We aim to attract and retain the industry’s brightest talent by cultivating an investor-led culture and committing to our people’s long-term growth. For more information, visit www.Point72.com.

The annual base salary range for this role is $300,000-$350,000 (USD) , which does not include discretionary bonus compensation or our comprehensive benefits package. Actual compensation offered to the successful candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level, among other things.