AI IAM Architect

Where Ambition Meets Innovation
 

Build a career that matches all your initiative with an impressive dose of innovation. From cutting-edge resources and a collaborative environment to the freedom to make an impact and more, you’ll find the ingredients you need at LPL Financial to shape your success while helping clients pursue their financial goals.

Job Overview:

We are seeking an experienced Identity and Access Management (IAM) Architect with a strong AI and agent-integration focus to lead the design, proof-of-concept (POC), and hands-on implementation of identity patterns for AI workloads, conversational agents, and AI platform integrations across the enterprise. The ideal candidate combines deep IAM architecture expertise with practical engineering skills—building POCs, configuring OAuth/OIDC flows, and partnering directly with AI engineering teams to secure agent runtimes, tool access, and human-in-the-loop experiences.

This role owns IAM architecture for AI use cases, including delegated and service-to-service access, API gateway/BFF token flows, scoped credentials, and governance alignment. You will design and validate OAuth/OIDC patterns (Auth Code + PKCE, OBO, token exchange, client credentials) across identity providers (PingOne AIC, Entra ID), gateways, and agent platforms. The AI IAM Architect partners across AI/platform engineering, IAM, security, and enterprise architecture to define reusable, secure, and production-ready identity standards for agents.

Key Responsibilities:

• Discover AI/agent identity requirements across users, services, runtimes, tools, and APIs.

• Assess existing SSO, MFA, federation, and API authorization models; identify gaps in delegation, token lifecycle, scopes, secrets, and auditability.

• Design enterprise IAM patterns (user context propagation, delegation chains, BFF sessions, least-privilege access) and OAuth/OIDC client models.

• Define standards for securing agent tools, data access, and cross-domain integrations; align to zero trust and regulatory controls.

• Produce architecture artifacts (CAD/HLD/PSS) and reference implementations.

• Lead and build IAM POCs (end-to-end flows, token exchange, gateway enforcement, delegated agent access).

• Configure/test identity flows; troubleshoot tokens, scopes, and integrations.

• Implement or guide IAM integrations across gateways, BFFs, agent orchestration, and observability.

• Transition validated patterns to IAM engineering for production rollout.

• Define agent identity lifecycle (registration, credential rotation, revocation, environment separation).

• Integrate IAM across AI platform components; support CI/CD and IaC for IAM configurations.

• Establish patterns for human-in-the-loop controls, break-glass access, and rate limiting.

• Maintain documentation, decision records, diagrams, and runbooks.

• Deliver POC summaries, evaluations, and implementation guidance; communicate risks and dependencies.

• Ensure regulatory compliance; partner on threat modeling and controls (secrets, PAM, audit evidence).

• Serve as IAM SME for AI initiatives; mentor engineers.

• Deliver production-ready IAM patterns and reduce identity risk across AI workloads.

Requirements:

• 10+ years in IAM, security architecture, or platform engineering with significant IAM scope.

• 2+ years building IAM POCs and troubleshooting OAuth 2.0 / OIDC flows (Auth Code + PKCE, refresh tokens, client credentials, token exchange, OBO).

• 2+ years with PingOne AIC and/or Microsoft Entra ID.

Core Competencies:

• Hands-on experience designing identity for APIs, microservices, and BFF architectures.

• Experience integrating IAM with API gateways, AI/ML platforms, and modern application stacks.

• Strong knowledge of SAML, OAuth, OIDC, JWT, scopes, and authorization patterns.

• Familiarity with agent/tool identity models and secure integration patterns.

• Ability to translate AI requirements into secure identity designs; strong communication skills.

Preferences:

• Experience delivering AI/ML agents or copilots to production.

• Experience with SailPoint, CyberArk/Delinea, or Auth0/CIAM.

• Knowledge of AI-aware API gateways (e.g., Kong).

• Experience with IAM modernization or M&A programs.

• Relevant certifications (CISSP, CCSP, Entra, Ping, SailPoint, AWS).

• Familiarity with zero trust and identity threat detection.

 

Pay Range:

$153,470.00 - $255,749.00
 Actual base salary varies based on factors, including but not limited to, relevant skill, prior experience, education, base salary of internal peers, demonstrated performance, and geographic location. Additionally, LPL Total Rewards package is highly competitive, designed to support your success at work, at home, and at play – such as 401K matching, health benefits, employee stock options, paid time off, volunteer time off, and more. Your recruiter will be happy to discuss all that LPL has to offer!
 

Company Overview:

LPL Financial Holdings Inc. (Nasdaq: LPLA) is among the fastest growing wealth management firms in the U.S. As a leader in the financial advisor-mediated marketplace(6) , LPL supports over 32,000 financial advisors and the wealth management practices of approximately 1,100 financial institutions, servicing and custodying approximately $2.3 trillion in brokerage and advisory assets on behalf of approximately 8 million Americans. The firm provides a wide range of advisor affiliation models, investment solutions, fintech tools and practice management services, ensuring that advisors and institutions have the flexibility to choose the business model, services, and technology resources they need to run thriving businesses. For further information about LPL, please visit www.lpl.com.

At LPL, independence means that advisors and institution leaders have the freedom they deserve to choose the business model, services, and technology resources that allow them to run a thriving business. They have the flexibility to do business their way. And they have the freedom to manage their client relationships, because they know their clients best. Simply put, we take care of our advisors and institutions, so they can take care of their clients.

For further information about LPL, please visit www.lpl.com.

Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.

Information on Interviews:

LPL will only communicate with a job applicant directly from an @lplfinancial.com email address and will never conduct an interview online or in a chatroom forum.  During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card.  Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (855) 575-6947.

EAC 5.19.26