Main Responsibilities:
- Define, own, and maintain the PAM architecture aligned with enterprise security strategy and Zero Trust principles
- Design and drive PAM roadmaps, standards, and onboarding models
- Lead PAM deployments and onboarding of:
  - Privileged domain and directory accounts
  - Service and application accounts
  - Local administrator and infrastructure accounts
  - DevOps and automation identities
- Design and configure PAM capabilities, including:
  - Credential vaulting and automatic password rotation
  - Privileged session brokering and recording
  - Just-in-Time (JIT) privileged access
  - Secrets management
- Ensure effective integration with IAM platforms, SIEM solutions, directory services, and cloud environments
- Own PAM tiering models, including Tier 0 protections
- Define and enforce PAM policies, procedures, and control frameworks
- Support audits, regulatory inspections, and internal controls testing
- Lead risk assessments related to privileged access and remediation activities
- Establish operational models, runbooks, SOPs, and service KPIs
- Support incident response related to privileged access compromise
- Act as a technical advisor to security leadership and key stakeholders
- Provide training, guidance, and knowledge transfer to internal teams
- Support vendor selection, evaluation, and platform optimisation

Qualifications and Experience:
- Proven experience as a PAM Engineer, Architect, or Subject Matter Expert in large or complex environments
- Strong hands-on expertise with at least one enterprise PAM solution, such as: CyberArk, Delinea, BeyondTrust, One Identity, or HashiCorp Vault
- Solid experience integrating PAM with:
  - Active Directory / Entra ID
  - Windows, Linux, and Unix environments
- Good understanding of:
  - Identity and access security controls
  - Networking, certificates, and authentication mechanisms
  - SIEM integration and security alerting
- Experience designing and enforcing Tier 0 / Tier 1 identity security controls
- Background working in regulated industries (e.g. finance, healthcare, life sciences, manufacturing)
- Strong communication skills with the ability to translate technical security concepts into business risk
- Structured, autonomous, and delivery-focused mindset
- Relevant security certifications (CISSP, CISM, CCSP, or vendor-specific certifications) are a plus