Privileged Access Management Architect and Product Owner - CTO Office New York, NY Posted today

Our team:

We are the CTO Infrastructure group. We solve complex systems problems, enabling our engineers to quickly ship new products, and prototype the next generation of infrastructure security technologies. Whether we’re designing our next generation security controls, or threat modeling our distributed systems, our goal is to define the future of how we secure Bloomberg’s infrastructure. That’s where you come in.

As an architect and product owner in the CTO’s office, you’ll be trusted to understand the intersections between Bloomberg’s global technology footprint, unique software stack and security requirements, provide guidance for usable infrastructure security, ensure that logical security controls are manageable at our scale, and much more. Your leadership skills will influence the roadmap for future security technologies, while working alongside motivated engineers across the company to keep Bloomberg at the cutting edge. Our team works across many areas of security architecture, and you will have the opportunity to focus on the projects you are passionate about and bring your expertise to help reach our team’s goals.

We’ll expect you to:

• Develop a strategy for enterprise privileged access management, building on industry best practices and establishing a clear roadmap for adoption in collaboration with security, infrastructure, and application teams.

• Lead the evolution of our privileged access platform, including integration with identity management systems, secure vaulting solutions, just-in-time (JIT) access, and session management technologies.

• Continuously assess and identify opportunities to improve the security and efficiency of privileged access workflows and technologies, aligning them with organizational needs and regulatory requirements.

• Take a leadership role in defining the tools, techniques, and technologies used to control, monitor, and secure privileged access across Bloomberg’s infrastructure and systems.

• Drive modernization of PAM-related infrastructure, guiding teams toward secure architectures and updated access control standards.

• Foster a culture of least privilege and access transparency while understanding and managing the trade-offs between security, operational agility, and user productivity.

• Collaborate with vendors, consultants, and industry peers to exchange knowledge and stay informed on the latest developments in PAM tools, standards, and threat landscapes.

You’ll need to have:

• 10+ years of experience designing, implementing, and managing security controls in large-scale, distributed systems—with a strong emphasis on access control and identity governance.

• Proven expertise in privileged access management, including integration, automation, and policy enforcement for tools like CyberArk, BeyondTrust, or HashiCorp Vault.

• A history of building collaborative partnerships across engineering, operations, and risk teams to align privileged access strategies with enterprise goals.

• Strong ability to prototype and implement access control solutions, innovate on access models, and partner with engineering to drive enterprise-wide adoption.

• Experience evaluating build vs. buy tradeoffs, with a focus on scalability, security, and maintainability.

• Deep understanding of identity and access control protocols such as LDAP, Kerberos, SAML, OAuth, OIDC, and how these intersect with privileged access strategies.

We’d love to see:

• Solid understanding of cryptographic principles as they relate to secrets management, credential rotation, and secure remote access.

• Experience managing infrastructure at scale with an emphasis on secure automation and privileged task execution.

• Familiarity with operating system-level security controls used to enforce access restrictions (e.g., sudo policies, SELinux, eBPF, auditd).

• Experience integrating and securing both homegrown and third-party systems within a PAM framework.

• Hands-on experience designing and operating privileged access management platforms in complex enterprise environments.

• Understanding of enterprise identity ecosystems and how privileged access fits into broader governance and compliance initiatives.

Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.

Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email amer_recruit@bloomberg.net