A critical cybersecurity Tech Specialist role responsible for the design, implementation, and operational excellence of enterprise-wide Identity & Access Management (IAM) and Public Key Infrastructure (PKI) systems. This role will ensure secure, compliant, and efficient identity services across global environments, with a focus on Active Directory (AD), Azure AD, CyberArk, SailPoint and PKI.
Key Responsibilities
- Identity & Access Management Platform
- Define authentication and authorization reference architectures for existing and emerging IAM technologies.
- Drive global adoption of IAM standards across all IT systems.
- Enforce Garrett Cybersecurity Controls including access management, encryption, and logging within IAM reference architectures.
- Design and implement IAM solutions for both on-premise and cloud environments, ensuring scalability, reusability, and alignment with strategic business goals.
- Align IAM policies and standards with industry best practices and cloud adoption strategies.
- Champion identity solutions for digital transformation initiatives such as Data Lakes, eCommerce, and Factory Digitization.
- Privileged Account Management
- Design and deploy a Privileged Access Management (PAM) program to secure high-privilege accounts across global infrastructure.
- Onboard SOX-critical applications to CyberArk, ensuring ITGC compliance by design.
- Implement password vaulting for administrative accounts across all onboarded systems.
- Define a roadmap for elevated privilege management using the CIA triad (Confidentiality, Integrity, Availability).
- Develop and globally publish standards and controls for privileged access management.
- Single Sign-On and Access Governance
- Design and implement a unified second-factor authentication platform integrated with Garrett's diverse technology stack.
- Architect secure Single Sign-On (SSO) systems resilient to common cyberattack techniques.
- Drive least privilege access control and implement automated access governance across the organization.
- Enhance the digital workspace experience with secure, seamless, and password-less authentication using Kerberos, certificates, and Windows Hello.
- Promote global collaboration by advancing technical security configuration architecture.
- PKI
- Design, implement, and manage enterprise-wide PKI services to support secure communications, authentication, and data integrity.
- Oversee certificate lifecycle management, including issuance, renewal, revocation, and monitoring.
- Integrate PKI with device authentication, SSO, VPN, email encryption, and code signing.
- Ensure PKI systems meet compliance and audit requirements (e.g., NIST, ISO 27001).
- Collaborate with security and infrastructure teams to ensure high availability and scalability of PKI services.
- Evaluate and implement hardware security modules (HSMs) and cloud-based PKI solutions as needed.
- Differentiated technology
- Research contemporary identity protection technologies, including Blockchain-based Identity Management.
- Define and execute a roadmap for decentralized identity services.
- Deploy risk-based dynamic access control using AI/ML-driven risk scoring to mitigate identity threats.
- Evaluate and implement device-based authentication to enhance endpoint-aware access validation.
Education / Qualifications
Bachelor's degree in Information Technology or related discipline
Experience
- 8-10 years of IT experience and 6 years of Identity Management.
- Must have delivered 2 years as a senior technical specialist or technical lead supporting IAM/PKI platforms like AD, Azure AD, CyberArk, SailPoint and PKI.
Key Skills and Knowledge
- Proficient in Active Directory, Azure AD, and PKI services.
- Experience with SSO and MFA tools like Microsoft Hello, MFA, conditional access and identity protection.
- Hands-on experience with IAM platforms e.g. CyberArk, SailPoint for PAM, provisioning, and user lifecycle.
- Familiarity with global security regulations, risk assessments, and compliance.
- Skilled in service design, problem-solving, and operational execution.
- Ability to translate business issues/requirements and objectives into action plans.
- Strong leadership, interpersonal and communication skills (written and oral) with the ability to communicate at all organizational levels.
- Ability to promote strong teamwork in a global/regional operational support model.
- Proficiency in performing risk, business impact, control, and vulnerability assessments using manual or automated tools.
- Organized, responsive, and highly thorough problem solver.
- Executing Service Design and implementation.