VP Privileged Access Management (PAM) Architect

VP Privileged Access Management (PAM) Architect | Finance | Boston, MA | $270k RSU

Role: VP PAM Architect

Location: Boston, MA | 50/50 onsite/remote schedule

Compensation: $250,000 - $270,000 cash comp Strong RSU offering

Overview

A leading, technology‑driven financial services enterprise is seeking a VP‑level PAM Architect to define and deliver the next generation of Privileged Access Management (PAM) across the organization. This net new role sits within Enterprise Architecture and partners closely with Enterprise Security. You’ll design the vision, drive proof‑of‑concepts, and collaborate with engineering to build and operationalize scalable PAM solutions.

This position was created in direct response to heightened investment in cybersecurity following a 2023 security incident impacting a small subset of customers. The organization has accelerated hiring, introduced modern tools, and is now completing the “third leg” of people, process, and technology — with PAM as a strategic capstone.

Why This Role Matters (Context)

• Strategic priority: PAM has become a top initiative to strengthen identity, workload access controls, and secrets management.
• Maturity journey: The company historically leveraged homegrown approaches and is now modernizing with best‑in‑class tools and frameworks.
• Net new, VP scope: This is a high‑visibility role requiring leadership, vision, and the ability to influence senior stakeholders across security, engineering, and enterprise architecture.

Where the Role Sits

• Embedded in Enterprise Architecture, supporting the cybersecurity program.
• Partners with security stakeholders, product teams, and engineering to design, pilot (POCs), and transition solutions for build‑out and operationalization.
• Reports into leadership responsible for enterprise cybersecurity architecture, with peer teams aligned to other business units.

What You’ll Do

• Define the PAM strategy and architecture aligned to organizational objectives and regulatory requirements.
• Design and guide deployment of PAM capabilities with emphasis on workload identities, access controls, and secrets management.
• Apply SPIFFE/SPIRE to establish secure, scalable, and standardized workload identity across hybrid environments.
• Leverage enterprise tools including CyberArk and HashiCorp Vault (experience with Delinea and Microsoft Entra ID is a plus).
• Establish policies, standards, and procedures for consistent, compliant privileged access.
• Measure and optimize controls using data‑driven insights to reduce risk and enhance posture.
• Run POCs and solution reviews; hand off designs to engineering for delivery.
• Collaborate with Cloud Security, IAM, product, and architecture governance to align designs and resolve risks.
• Stay current on emerging PAM and cybersecurity trends to continually mature the environment.

What You Bring

• 10 years in cybersecurity architecture within highly regulated industries.
• Bachelor’s in information security, Computer Science, or related; master’s preferred.
• Proven enterprise architecture experience designing and owning PAM solutions end‑to‑end.
• Deep expertise in identity and access management, privileged controls, secrets management, and related security technologies.
• Familiarity with PCI DSS, HIPAA, GDPR, and similar regulatory frameworks.
• Experience assessing build vs. buy options and driving platform decisions.
• Strong cloud architecture background (IAM with enterprise services, SSDLC, data protection, cryptography, key management).
• Executive presence with the ability to lead, influence, and gain consensus across complex organizations.
• Excellent communication skills for translating complex topics to non‑technical stakeholders.
• Relevant certifications such as CISSP, CISM, CRISC are highly desirable.

Work Style & Culture

• Hybrid: One week onsite, one week remote; flexible for life events and personal needs.
• Balance: Strong work/life culture; hours are flexible and typically under 40 per week.
• Technology‑forward: Patent‑oriented, innovation‑driven environment with dedicated teams pushing AI/ML, VR, robotics, and quantum initiatives.

Compensation – Base, Bonus & RSU (indicative for VP level)

• Base salary: $180K – $190K band; (broader ranges considered for exceptional profiles).
• Annual bonus: Target ~50% of base.
• Total cash: Typically ~$270K, depending on performance and level.
• Long‑term incentives:
• Restricted stock units (RSUs): Annual grants; example structure where initial grant vests after ~1 year, with subsequent annual vesting tranches.
• Performance shares: Paid in staged tranches (e.g., 1/3, then 2/3, then full), with materially higher value potential tied to performance outcomes.
• Award timing: New hires may receive first award in the next annual cycle (e.g., awards granted in November, vesting could begin 2027 with payout in 2028, depending on start date and plan rules).
• Make‑whole support: Potential for accelerated LTI if candidates are forfeiting RSUs/bonuses from current employer.

(Exact compensation, equity structure, and timing are subject to plan terms and individual negotiations.)

Interview Process

1. Security stakeholder round (e.g., Cloud Security, IAM): depth in PAM and identity controls.
2. Architecture review session with senior architects: walk through past solutions and thought process (mimics council/ARB format).
3. Product team collaboration round: evaluate cross‑functional partnering and delivery mindset.
4. Executive stakeholder round: with leadership over cybersecurity architecture and IAM.

Contact Info - s.obrien@huxley.com | (857) 317-5044 | LinkedIn DM | Apply via the live job