
IAM Security Architect (contract)
At BNY, our culture allows us to run our company better and enables you to grow and succeed. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.
Recognized as a top destination for innovators and champions of inclusion, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what is all about. Join us and be part of something extraordinary.
Job Summary
BNY is seeking an IAM Security Architect to guide the secure design of internal applications and enterprise AI initiatives. This role is responsible for defining identity and access management guardrails, reference architectures, and security baselines that support human, machine, workload, and agent identities across AI platforms.
The position is based in Pittsburgh, PA or Lake Mary, FL, with a 4-day on-site hybrid schedule, for a 12-month assignment.
Key Responsibilities
- AI IAM Architecture & Guardrails: Develop clear guardrails and reference architectures for human, machine, workload, and agent identities across AI platforms and internal applications.
- Fine-Grained Authorization: Define standardized authorization patterns for model and data access, including dataset and model permissions, environment-scoped access, and safe execution of agent tools.
- Enterprise IAM Alignment: Support and extend the enterprise IAM vision and reference architectures, including identity providers, federation, workload identity, policy decision and enforcement points, and token lifecycle management for AI services.
- Security Baseline Definition: Establish minimum security baselines for AI platforms (feature stores, model registries, orchestration tools, and inference gateways), incorporating scoped credentials, conditional access, and role- or attribute-based access models.
- Workload, Machine & Agent Identity: Architect secure workload identity patterns, agent identities, and tool authorization models for AI orchestration and agentic workflows.
- Identity Lifecycle & Governance (IGA): Implement authoritative source models and automated provisioning/deprovisioning for AI roles (e.g., data scientist, ML engineer, platform admin) and non-human identities such as pipelines and agents.
- Entitlement Governance: Define access certification standards, segregation of duties (e.g., training vs. deployment vs. production overrides), and policy-as-code approaches for AI access governance.
- Privileged Access Management (PAM): Establish standards for privileged operations on AI infrastructure, including model registry administration, key rotation, dataset approvals, and runtime overrides using vaulting, session management, and just-in-time access.
- Secrets, Keys & Token Management: Architect secure secrets and key management practices for AI services, including KMS/HSM integration, token scoping, rotation policies, and secure handling of system prompts and configuration secrets.
- Zero Trust & Runtime Controls: Operationalize identity-aware access and continuous verification across AI development, training, and inference environments, including runtime guardrails, anomaly detection, and step-up authentication for high-risk actions.
- Observability & Incident Response: Define identity-centric telemetry standards for AI platforms, including access events, agent tool invocation, privilege elevation, and token issuance; lead tabletop exercises for AI compromise scenarios.
- Vendor & Platform Governance: Evaluate IAM capabilities of AI platforms and tools, define onboarding criteria, security baselines, SBOM expectations, and exit strategies.
Qualifications
- 8+ years of experience in IAM architecture and security architecture roles
- Hands-on engineering experience with identity platforms such as SailPoint, Entra ID (Azure AD), Okta, or similar tools
- Strong understanding of IAM patterns including federation, workload identity, access governance, PAM, and token-based authentication
- Experience designing and implementing security architectures for enterprise applications
- Experience supporting AI platforms, machine learning environments, or data-driven systems
- Strong written and verbal communication skills with the ability to articulate complex technical concepts clearly
- Bachelor’s degree required
Preferred Experience
- Familiarity with Zero Trust security principles applied to non-human identities and workloads
- Experience integrating IAM telemetry with SOC and security monitoring tools
- Background working in regulated or enterprise-scale environments
Why Join Us
This role offers a unique opportunity to help shape how identity and access security is applied to AI initiatives at enterprise scale. As one of the primary IAM architecture contributors in this space, you will play a critical role in defining standards, guiding design decisions, and supporting high-visibility programs across the organization.
At BNY, our culture speaks for itself. Check out the latest BNY news at:
BNY Newsroom
BNY LinkedIn
Here are a few of our recent awards:
America’s Most Innovative Companies, Fortune, 2025
World’s Most Admired Companies, Fortune, 2025
“Most Just Companies”, Just Capital and CNBC, 2025
Pay Rate Range
66.4 - 83 USD hourly
Additional Notes
*Applications will be accepted on an ongoing basis.*
*This posting is for a contract assignment with Tundra Technical Solutions to provide services to Bank of New York (BNY). Please note that this is not a full-time employment opportunity. Candidates selected for this role will be engaged as contractors for the specified duration of the project. For any inquiries regarding the terms of the contract or engagement, please contact Tundra Technical Solutions directly.*
Benefits Information
*Optional benefits offering include medical, dental, vision and retirement benefits via Tundra Technical Solutions*