PAM Security Architect

The Privileged Access Management (PAM) Security Architect is responsible for designing and implementing PAM architecture strategies for Client's Enterprise Cybersecurity organization.

This role requires deep expertise in workload access controls, secrets management, and familiarity with frameworks such as SPIFFE and SPIRE.

The ideal candidate will have extensive experience with PAM tools like Cyber Ark, Delinea, Hashi Corp Vault, and Microsoft Entra  ensure security and compliance across the organization.

While this is an individual contributor role, strong leadership and influencing skills are essential for driving initiatives and collaborating effectively.

• Develop a comprehensive PAM architecture strategy aligned with organizational objectives and regulatory requirements.
• Design and contribute to the development and deployment of PAM solutions, focusing on workload access controls and secrets management.
• Implement and manage secrets management solutions to ensure secure storage, access, and rotation of privileged credentials.
• Apply frameworks such as SPIFFE and SPIRE to establish secure, scalable, and standardized workload identities.
• Utilize PAM tools (Cyber Ark, Delinea Secret Server, Hashi Corp Vault, Microsoft Entra ) to enhance security measures and streamline access management processes.
• Define PAM policies, standards, and procedures for consistent and secure management of privileged accounts.
• Assess PAM controls and make data-driven decisions to reduce risk and strengthen security posture.
• Collaborate with technology and business partners to identify and mitigate privileged access risks.
• Stay updated on emerging trends and technologies in PAM and cybersecurity to drive continuous improvements.

• 10+ years of experience in cybersecurity architecture, strategies, and solutions within financial services or other highly regulated sectors.
• Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
• Proven experience in architecting and deploying PAM solutions at an enterprise scale.
• Deep technical understanding of PAM capabilities, controls, and identity and access management technologies.
• Familiarity with regulatory requirements such as PCI DSS, HIPAA, or GDPR.
• Expertise in evaluating build vs. buy solution options.
• Working knowledge of cloud architectures and security considerations, including IAM, SSDLC, data protection, cryptography, and key management.
• Strong leadership and consensus-building skills to influence decisions across the organization.
• Excellent communication and interpersonal skills for conveying complex technical concepts to non-technical stakeholders.

• Experience with secrets management deployment using Hashi Corp Vault.
• Ability to drive adoption of modern secrets management capabilities (ephemeral secrets, machine identity, secret rotation).
• Understanding of PAM use cases involving non-interactive credentials.

• CISSP, CISM, or CRISC certifications are highly desirable.