Rodeo
ResourcesPartnersSign in

State Street

Head of Workforce Authentication Services, MD

Boston
$170k – $282.5k/yr
Posted about 23 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Who we are looking for

Global Cybersecurity (GCS) protects State Street and its clients from the impact of cyber-attacks against systems by understanding the risks these attacks present and mitigating them through a robust, continuously evolving cybersecurity program and control environment.

Reporting to the Head of Identity & Access Management, the Head of Workforce Authentication Services, MD will lead the strategic direction, engineering, operations, and compliance posture of all workforce authentication platforms at State Street. This role consolidates capabilities currently distributed across two towers into a single, accountable engineering and operations leadership role.

Why this role is important to us

The successful candidate will also serve as the engineering leader for the Workforce Passwordless program, owning the end-to-end technical execution and the elimination of password-dependent authentication protocols across the enterprise.

What you will be responsible for

Scope of Platforms and Services

The role owns engineering, operations, resilience, and compliance for the workforce authentication platform stack, including but not limited to:

  • Directory & Identity Plane: Active Directory (on-premises forests, domain controllers, Kerberos, Group Policy), Microsoft Entra ID, Entra Connect, Cloud Kerberos Trust, Conditional Access
  • Federation & SSO: Identity Providers, SAML/OIDC federation, SSO onboarding intake, and engineering
  • Strong Authentication & MFA: MFA systems, FIDO2, MFA compliance reporting, and exception management
  • Passwordless Program (Workforce): Engineering leadership across the full passwordless roadmap — vendor assessments, CA policy design, OS/endpoint integration, and other touch points in the technology stack.
  • Resilience & Operations: 24x7 run of authentication services, DR/BCP, capacity, patching, DC exit programs, vulnerability, and pen-test finding remediation across the authentication estate

Key Responsibilities

Strategic Leadership

  • Develop and execute a single, unified Workforce Authentication strategy that consolidates all authentication services into one engineering and operations function with one accountable leader.
  • Define the multi-year target architecture for authentication aligned to State Street's Technology and Security strategies.
  • Partner with the Heads of CIAM, Privileged & Infrastructure Access, IGA, and IAM Oversight to ensure a coherent, end-to-end IAM operating model.

Engineering Leadership – Workforce Passwordless

  • Serve as the engineering owner of the Workforce Passwordless program, accountable for delivery against EC-committed milestones and the financial plan.
  • Lead the technical design and rollout of supporting technologies required to enable transition to passwordless authentication.
  • Drive vendor and product assessments and lead comparative POCs aligned to State Street use cases.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Standards, Compliance & Lines of Defence

  • Own the Authentication compliance with IAM Standard (Account Authentication, Password Parameters, MFA, Federation/SSO, Session Management) and ensure alignment to NIST SP 800-53, NIST SP 800-63B, DORA, BAIT, UK PRA SS1/21, MAS TRM, HKMA SPM, and APRA CPS 234.
  • Support assurance compliance with the Second Line of Defence (Technology Risk Management), Third Line (Corporate Audit), and External Auditors (E&Y) — including evidence ownership, RCSA control mapping, and finding remediation.
  • Provide support and data for compliance management across the workforce authentication environment: control design, control testing readiness, KRI/KPI reporting to the IAM Governance Council, Cybersecurity Risk Committee (CRC), and Technology Risk Committee (TRC).

Remediation & Audit/Pen-Test Findings

  • Own end-to-end remediation of all audit, regulatory, and penetration-test findings affecting workforce authentication.

Resilience & Operations of Critical Systems

  • Accountable for the availability, performance, and resilience of Tier-0 authentication services, including DR posture, recovery testing, capacity management, and major-incident command for authentication outages.
  • Own the operational interface for Authentication Services with key partners including End User Computing, Platform Engineering, Production Management, Network, and the regional IT heads.

People & Operating Model

  • Lead a globally distributed team across; evolve the operating model in line with the IAM portfolio management framework.
  • Drive talent strategy, succession, and a culture of engineering excellence, multi-disciplinary delivery, and accountable ownership.

What we value

These skills will help you succeed in this role

  • 15+ years in technology / engineering / security roles, with at least 8 years leading large-scale authentication engineering and operations functions ideally in a regulated financial services environment.
  • Deep, hands-on technical depth across Active Directory, Microsoft Entra ID, Kerberos, LDAP, SAML, OIDC, FIDO2/WebAuthn, MFA, and federation platforms.
  • Proven track record of regulator-facing and audit-facing accountability, with the ability to defend control design and enhancement plans to PRA, FCA, DORA, MAS, HKMA, APRA, and internal/external audit.
  • Experience operating Tier-0 critical services with strict availability, DR, and resilience SLAs.

Education & Preferred Qualifications

  • Experience consolidating previously siloed identity/authentication towers into a single accountable function.
  • Experience leading globally distributed teams across US, EMEA, and India.
  • Bachelor's Degree in Cyber Security or related technical discipline

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Salary Range:

$170,000 - $282,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Benefits

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers

Read our CEO Statement

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Active Directory
Microsoft Entra ID
Kerberos
SAML
OIDC
FIDO2
MFA
Identity & Access Management
Cybersecurity Strategy
Regulatory Compliance
Passwordless Authentication
Disaster Recovery
Vendor Assessment
Engineering Leadership
Stakeholder Management
Audit Remediation

Location

London, England, United Kingdom

Sign up to applySee more jobs like this