Job Description
Role Overview
We are seeking an experienced Privileged Access Management (PAM) Subject Matter Expert (SME) to lead the design, implementation, and operational maturity of PAM capabilities across a complex enterprise environment.
This role is responsible for establishing and enforcing robust security controls for privileged identities, ensuring compliance with regulatory and security standards, and embedding PAM as a core enterprise security capability.
The PAM Engineer will act as a technical authority, owning PAM architecture, policies, onboarding standards, and operational governance. The role works closely with Cyber Security, Infrastructure, Identity & Access Management (IAM), and Application teams to drive adoption, standardization, and continuous improvement.
Key Responsibilities
Strategy & Architecture
* Define and maintain the PAM architecture aligned with enterprise security strategy and Zero Trust principles.
* Develop and maintain PAM roadmaps, standards, and design patterns.
* Ensure effective integration of PAM solutions with IAM, SIEM, directory services, and cloud platforms.
* Own PAM tiering models and enforce Tier 0 protections.
Engineering & Implementation
* Lead PAM deployments and technical onboarding of:
o Domain and directory accounts
o Service accounts
o Local administrator accounts
o Application and DevOps identities
* Design and configure:
o Credential vaulting and automated rotation
o Session brokering and session recording
o Just-in-Time (JIT) privileged access
o Secrets management
* Provide technical leadership for PAM upgrades, migrations, and platform consolidation initiatives.
Governance, Risk & Compliance
* Define and maintain PAM policies, procedures, and control frameworks.
* Ensure alignment with relevant security and regulatory standards (e.g. ISO 27001, NIST, CIS Controls, GMP / GxP where applicable).
* Support audits, internal control testing, and regulatory inspections.
* Own risk assessments related to privileged access and drive remediation plans.
Operations & Continuous Improvement
* Establish PAM operational models, including runbooks and standard operating procedures (SOPs).
* Define service KPIs and performance metrics.
* Lead incident response activities related to privileged access compromise.
* Drive automation, standardization, and self-service onboarding capabilities.
Stakeholder Engagement
* Act as a trusted technical advisor to IT Security leadership and programme sponsors.
* Collaborate with application owners and infrastructure teams to securely onboard systems.
* Provide training, coaching, and knowledge transfer to operational teams.
* Support vendor management activities and product evaluations.
Essential Skills & Experience
Technical Expertise
* Strong hands-on expertise with at least one enterprise PAM platform, such as:
o CyberArk
o Delinea
o BeyondTrust
o One Identity
o HashiCorp Vault
* Deep understanding of Active Directory / Entra ID integration.
* Experience managing privileged access across Windows, Linux, and Unix environments.
* Solid understanding of networking, certificates, and identity-related security controls.
* Experience integrating PAM with SIEM platforms and implementing alerting.
Professional Experience
* Proven experience as a PAM Engineer, Architect, or SME in a large or complex enterprise environment.
* Experience designing and implementing Tier 0 / Tier 1 identity security controls.
* Experience working in regulated environments (e.g. finance, healthcare, life sciences, manufacturing).
* Demonstrated ability to lead technical designs and influence senior stakeholders.
Soft Skills
* Strong communication and stakeholder management skills.
* Ability to translate technical security controls into business risk language.
* Structured, analytical problem-solving approach.
* Comfortable operating independently and leading workstreams end-to-end.
Desirable Qualifications
* Security certifications such as:
o CISSP, CISM, CCSP
o Vendor-specific certifications (e.g. CyberArk Defender, Delinea Specialist)