Who we're looking forWe're looking for a PKI Operations and Engineering leader at the Assistant Vice President level. This role owns the operational backbone of our certificate authority platforms, key management systems, and enterprise certificate lifecycle automation. The ideal candidate has hands-on experience running and scaling internal and external CAs, working with HSM-protected keys, and building automation that removes self-signed certificates and shortens rotation timelines without disrupting the business.You'll partner with security architects, infrastructure teams, and platform owners to strengthen our PKI footprint across data centers and cloud environments. This role needs someone who can translate technical requirements into clear standards, improve inventory coverage, and push execution across teams with confidence.
Why this role mattersPKI is a core security control in our environment. Certificates enable trusted authentication between users, workloads, and systems, and they're central to protecting financial infrastructure, regulatory compliance, and Zero Trust initiatives. This team ensures our cryptographic identity layer is reliable, compliant, and automated at scale.
What you will ownStrategy, advisory, and standardsShape and execute the enterprise PKI strategy with a strong operational lensDefine and document certificate and signing key standards for internal systems and cloud platformsSet requirements for certificate rotation, revocation, and incident response pathsEvaluate and onboard automation and discovery tools that expand certificate inventory coverageInfluence and align engineering, platform, and security teams on practical PKI prioritiesOperations and engineering executionRun internal CA platforms and integrations with external CAsManage HSM-backed private keys and secure signing workflowsBuild and scale certificate automation for issuance, renewal, rotation, and revocationIntegrate PKI into CI/CD pipelines, cloud workloads, and service identitiesPartner with infrastructure teams to remove self-signed certificates and reduce certificate sprawlDesign workflows for compromised, expired, or non-compliant certificatesTrack metrics for inventory completeness, revocation SLAs, rotation success, and automation coverageProduce executive-level updates that clearly show progress, risk, and operational health
Skills that matter mostExperience running enterprise PKI platforms (internal + external CAs)Certificate lifecycle automation and inventory expansion at scaleCryptographic key management using HSMs and vault platformsWindows and Linux system administrationComfort operating in regulated financial environmentsClear communicator who can drive change across teamsSelf-starter who takes ownership of outcomes and improves what they touch
Education and qualificationsBachelor's degree in a technical field or equivalent experience3–5 years working with certificate management, KMS, or CA platforms3–5 years administering Windows and Linux/Unix systemsExperience with:Internal and external CAsCertificate lifecycle automationHSM-backed key storage and signingSecrets or certificate discovery platformsIncident paths for compromised and expired certificatesPKI integrations in cloud and CI/CD pipelinesNice to have: IAM experience, MFA, privileged access controls, DR resiliency planningAbout State StreetAcross the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.Discover more information on jobs at Read our CEO Statement