Vice President Privileged Access Management

Job Description:

Position Summary: The Head of Privileged Access Management (PAM) is a senior leadership role responsible for developing, implementing, and overseeing the organization's PAM strategies and solutions. This position requires deep expertise in workload access controls, secrets management, and a solid understanding of frameworks such as SPIFFE and SPIRE. The ideal candidate will have extensive experience with PAM tools, including CyberArk, Delinea, HashiCorp Vault, and Microsoft Entra ID, to ensure the security and compliance of the organization's IT infrastructure. Strong people leadership and influencing skills are essential to drive initiatives and collaborate effectively across the organization.

• Develop and implement a comprehensive PAM strategy that aligns with organizational objectives and regulatory requirements.
• Lead the design, development, and deployment of PAM solutions, focusing on workload access controls and secrets management.

• Oversee the implementation and management of secrets management solutions, ensuring the secure storage, access, and rotation of privileged credentials.
• Apply frameworks like SPIFFE (Secure Production Identity Framework For Everyone) and SPIRE (SPIFFE Runtime Environment) to establish secure, scalable, and standardized workload identities.
• Manage privileged access on endpoints, ensuring that privileged accounts are properly controlled, monitored, and audited.
• Leverage PAM tools such as CyberArk, Delinea Secret Server, HashiCorp Vault, and Microsoft Entra ID to enhance security measures and streamline access management processes.

• Establish and enforce PAM policies, standards, and procedures to ensure consistent and secure management of privileged accounts.
• Monitor and assess the effectiveness of PAM controls, making data-driven decisions to enhance security posture.

• Ensure PAM practices comply with organizational policies and regulatory requirements.
• Conduct regular audits and assessments of privileged accounts and access controls to identify and mitigate risks.

• Collaborate with IT, cybersecurity, compliance, and other stakeholders to define and implement access policies, user roles, and control procedures.
• Utilize strong influencing skills to drive the adoption of PAM best practices and ensure alignment with organizational goals.
• Communicate and present strategic PAM initiatives to executive leadership, translating complex technical concepts into actionable business terms.

• Lead and mentor a diverse team of PAM professionals, fostering a culture of continuous improvement and professional development.
• Build a high-performance environment and implement strategies to attract, retain, and develop top talent.
• Demonstrate effective people leadership skills to successfully deploy PAM solutions and meet overall Information Security and Risk Management (ISRM) objectives.

• Bachelor's degree in Information Security, Computer Science, or a related field; a Master's degree is preferred.
• Minimum of 10 years of experience in identity and access management, with at least 5 years in a leadership role focused on PAM.
• Proven experience in implementing and managing workload access controls and secrets management solutions.
• Demonstrated experience with frameworks such as SPIFFE and SPIRE for workload identity management.
• Extensive experience with PAM tools, including CyberArk, Delinea Secret Server, HashiCorp Vault, and Microsoft Entra ID.
• Strong people leadership and influencing skills, with a track record of successfully leading teams and driving organizational change.

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are highly desirable.

• Deep understanding of PAM fundamentals, including role-based access control, least privilege principles, and session monitoring.
• Strong analytical and problem-solving abilities.
• Excellent project management skills with the ability to manage multiple initiatives simultaneously.
• Exceptional communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.

• Experience in the financial services industry or other highly regulated sectors.
• Familiarity with regulatory requirements related to PAM, such as PCI DSS, HIPAA, or GDPR.
• Experience with cloud-based PAM solutions and services.