IAM​/PAM Design Expert KSA

Key Responsibilities

• Design the target-state architecture for Identity & Access Management (IAM) and Privileged Access Management (PAM), with particular focus on high-risk privileged access scenarios.
• Define onboarding standards and integration requirements across directory services, MFA, and Single Sign-On (SSO) platforms, including end-to-end access lifecycle processes.
• Establish operational baselines for privileged access governance, covering password and key vaulting, credential rotation, approval workflows, session control and recording, and emergency "break-glass" access procedures.
• Define a secure approach for third-party and OEM privileged access, including vendor remote access controls and governance frameworks.
• Assess current IAM/PAM configurations against industry best practices and NCA ECC (Essential Cybersecurity Controls) requirements.
• Identify gaps and deliver clear, prioritized remediation actions with practical implementation guidance.
• Define monitoring requirements and alert use-cases for integration with SOC/SIEM platforms, including detection of privileged misuse, anomalous access patterns, and high-risk behavior indicators.
• Produce comprehensive configuration guides, Standard Operating Procedures (SOPs), and technical documentation for IT and security teams.
• Deliver structured training and knowledge transfer sessions to ensure operational teams can sustain and manage the implemented controls.

• Proven experience in IAM/PAM design and implementation within enterprise environments.
• Hands-on experience with leading PAM platforms (e.g., Cyber Ark, Beyond Trust, Delinea/Thycotic).
• Strong understanding of directory services (Active Directory, LDAP), MFA solutions, and SSO protocols (SAML, OAuth, OIDC).
• Familiarity with NCA ECC and regional cybersecurity compliance frameworks.
• Experience integrating PAM monitoring with SIEM/SOC environments.
• Ability to produce clear technical documentation and deliver knowledge transfer to diverse audiences.