Who we're looking for We're looking for a PKI Operations and Engineering leader at the Assistant Vice President level.
This role owns the operational backbone of our certificate authority platforms, key management systems, and enterprise certificate lifecycle automation.
The ideal candidate has hands-on experience running and scaling internal and external CAs, working with HSM-protected keys, and building automation that removes self-signed certificates and shortens rotation timelines without disrupting the business.
You'll partner with security architects, infrastructure teams, and platform owners to strengthen our PKI footprint across data centers and cloud environments.
This role needs someone who can translate technical requirements into clear standards, improve inventory coverage, and push execution across teams with confidence.
Why this role matters PKI is a core security control in our environment.
Certificates enable trusted authentication between users, workloads, and systems, and they're central to protecting financial infrastructure, regulatory compliance, and Zero Trust initiatives.
This team ensures our cryptographic identity layer is reliable, compliant, and automated at scale.
What you will own Strategy, advisory, and standards Shape and execute the enterprise PKI strategy with a strong operational lens Define and document certificate and signing key standards for internal systems and cloud platforms Set requirements for certificate rotation, revocation, and incident response paths Evaluate and onboard automation and discovery tools that expand certificate inventory coverage Influence and align engineering, platform, and security teams on practical PKI priorities Operations and engineering execution Run internal CA platforms and integrations with external CAs Manage HSM-backed private keys and secure signing workflows Build and scale certificate automation for issuance, renewal, rotation, and revocation Integrate PKI into CI/CD pipelines, cloud workloads, and service identities Partner with infrastructure teams to remove self-signed certificates and reduce certificate sprawl Design workflows for compromised, expired, or non-compliant certificates Track metrics for inventory completeness, revocation SLAs, rotation success, and automation coverage Produce executive-level updates that clearly show progress, risk, and operational health Skills that matter most Experience running enterprise PKI platforms (internal + external CAs) Certificate lifecycle automation and inventory expansion at scale Cryptographic key management using HSMs and vault platforms Windows and Linux system administration Comfort operating in regulated financial environments Clear communicator who can drive change across teams Self-starter who takes ownership of outcomes and improves what they touch Education and qualifications Bachelor's degree in a technical field or equivalent experience 3–5 years working with certificate management, KMS, or CA platforms 3–5 years administering Windows and Linux/Unix systems Experience with:Internal and external CAsCertificate lifecycle automationHSM-backed key storage and signingSecrets or certificate discovery platformsIncident paths for compromised and expired certificatesPKI integrations in cloud and CI/CD pipelines Nice to have: IAM experience, MFA, privileged access controls, DR resiliency planning About State Street Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability.
We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential.
As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most.
Join us in shaping the future.
As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers Read our CEO Statement