IAM - PKI Cybersecurity Tech Specialist

A critical cybersecurity Tech Specialist role responsible for the design, implementation, and

operational excellence of enterprise-wide Identity & Access Management (IAM) and Public

Key Infrastructure (PKI) systems. This role will ensure secure, compliant, and efficient

identity services across global environments, with a focus on Active Directory (AD), Azure

AD, CyberArk, SailPoint and PKI.

Key Responsibilities

1. Identity & Access Management Platform

1. Define authentication and authorization reference architectures for existing

and emerging IAM technologies.

2. Drive global adoption of IAM standards across all IT systems.

3. Enforce Cybersecurity Controls including access management,

encryption, and logging within IAM reference architectures.

4. Design and implement IAM solutions for both on-premise and cloud

environments, ensuring scalability, reusability, and alignment with strategic

business goals.

5. Align IAM policies and standards with industry best practices and cloud

adoption strategies.

6. Champion identity solutions for digital transformation initiatives such as Data

Lakes, eCommerce, and Factory Digitization

2. Privileged Account Management

1. Design and deploy a Privileged Access Management (PAM) program to

secure high-privilege accounts across global infrastructure.

2. Onboard SOX-critical applications to CyberArk, ensuring ITGC compliance by

design.

3. Implement password vaulting for administrative accounts across all

onboarded systems.

4. Define a roadmap for elevated privilege management using the CIA triad

(Confidentiality, Integrity, Availability).

5. Develop and globally publish standards and controls for privileged access

management.

3. Single Sing-on and Access Governance

1. Design and implement a unified second-factor authentication platform

integrated with company's diverse technology stack.

2. Architect secure Single Sign-On (SSO) systems resilient to common

cyberattack techniques.

3. Drive least privilege access control and implement automated access

governance across the organization.

4. Enhance the digital workspace experience with secure, seamless, and

password-less authentication using Kerberos, certificates, and Windows

Hello.

5. Promote global collaboration by advancing technical security configuration

architecture.

4. PKI

1. Design, implement, and manage enterprise-wide PKI services to support

secure communications, authentication, and data integrity.

2. Oversee certificate lifecycle management, including issuance, renewal,

revocation, and monitoring.

3. Integrate PKI with device authentication, SSO, VPN, email encryption, and

code signing.

4. Ensure PKI systems meet compliance and audit requirements (e.g., NIST,

ISO 27001).

5. Collaborate with security and infrastructure teams to ensure high availability

and scalability of PKI services.

6. Evaluate and implement hardware security modules (HSMs) and cloud-based

PKI solutions as needed.

5. Differentiated technology

1. Research contemporary identity protection technologies, including

Blockchain-based Identity Management.

2. Define and execute a roadmap for decentralized identity services.

3. Deploy risk-based dynamic access control using AI/ML-driven risk scoring to

mitigate identity threats.

4. Evaluate and implement device-based authentication to enhance endpoint-

aware access validation.

Education / Qualifications

Bachelors degree in Information Technology or related discipline

Experience

• 8-10 years of IT experience and 6 years of Identity Management.

• Must have delivered 2 years as a senior technical specialist or technical lead

supporting IAM/PKI platforms like AD, Azure AD, CyberArk, SailPoint and PKI.