IAM Lead: Privileged Access Management; PAM - Director

Role Description

This role will be part of the IAM Architecture and Engineering function within SMBC. The individual will work with the Group Companies to provide elegant solutions that adhere to the core principles of Zero‑Trust, Just‑In‑Time and Just‑Enough‑Access while balancing it with a frictionless experience for end users and applications. The ideal candidate must be a subject‑matter expert in IAM and be aware of modern authentication protocols and industry standards.

The individual will play a key role in securing privileged identities, aligning PAM capabilities with zero‑trust and compliance frameworks, and using capabilities of products like Cyber Ark, Delinea (Thycotic), Microsoft Entra PIM, and other PAM toolsets.

• Design and maintain end‑to‑end PAM architecture including vaulting, session monitoring, just‑in‑time access, and admin workflows
• Lead deployment and configuration of Cyber Ark components (PVWA, CPM, PSM, Conjur, etc.)
• Integrate Cyber Ark or Delinea Secret Server and/or other PAM tools into hybrid/cloud infrastructure
• Implement and manage Microsoft Entra PIM for JIT elevation and role lifecycle controls
• Architect and enforce least privilege models (RBAC, JIT, ABAC) across on‑prem and cloud platforms (Azure, AWS, GCP)
• Partner with IAM, SOC, Security Architecture, Infrastructure and Application teams to enforce privilege identity policies
• Automate PAM provisioning and approval workflows and integrate with Service Now
• Maintain logging and monitoring of privilege activities and integration with SIEM tools like Microsoft Sentinel and Cribl
• Document architecture, SOPs, onboarding processes, and contribute to policy documents
• Research and evaluate PAM platforms, tools, and technologies that meet the organization’s needs
• Provide guidance and mentorship to other team members on PAM best practices and emerging technologies
• Provide guidance and documentation for Infrastructure/Database/Cloud/App teams to embed PAM services in their day‑to‑day operations, ensuring seamless integration, good adoption and optimal performance

• 5+ years of experience in identity and access management, with a focus on PAM
• Strong understanding of identity management protocols (OAuth, OpenID Connect, SAML, etc.) and deep expertise in Cyber Ark and Delinea
• Proficient with Microsoft Entra PIM, Azure RBAC, and Entra
• Experience with implementing JIT, break‑glass, and PAM for human and non‑human identities
• Strong scripting skills
• Strong problem‑solving skills, with the ability to analyze complex technical environments and develop effective solutions
• Excellent communication and interpersonal skills, with the ability to collaborate across teams and influence stakeholders
• High attention to detail and self‑driven

• Bachelor’s degree in Computer Science, Information Technology, or related field
• Certification – CISSP, cloud or other security related
• Cyber Ark experience/training/certification is a plus

EOE, including Disability/veterans