CyberArk PAM Architect (SCA/SIA/DevOps) - Privilege Cloud/Financial Services

Posted 3 hours 11 minutes ago by WNTD

£950 Annual
Contract
Not Specified
Other
London, United Kingdom
Job Description

We are supporting a major global financial markets infrastructure organisation on a large-scale enterprise security transformation programme, delivering a next-generation Privileged Access Management (PAM) capability.

As part of this initiative, the organisation is implementing CyberArk Privilege Cloud (SaaS) as the strategic PAM platform across a complex hybrid and multi-cloud estate.

We are looking for a high-calibre CyberArk PAM Architect with strong experience across Secure Cloud Access (SCA), Secure Infrastructure Access (SIA) and DevSecOps-driven PAM automation to define and deliver enterprise-scale architecture.

Key Responsibilities

  • Define the end-to-end CyberArk Privilege Cloud (SaaS) target architecture
  • Design and implement SCA (Secure Cloud Access) models across Azure and AWS (including JIT access)
  • Define SIA (Secure Infrastructure Access) models for Servers, applications and traditional infrastructure
  • Architect privileged access models including session management, credential vaulting and elevation workflows
  • Design integration patterns with enterprise systems:
    • Microsoft Entra ID (Azure AD)
    • SailPoint IdentityNow/IGA platforms
    • ServiceNow (request/approval workflows)
    • SIEM/observability tools (Splunk, DataDog)
  • Define DevSecOps-aligned PAM onboarding frameworks, including CI/CD-driven automation and API-based integrations
  • Produce architecture artefacts including HLD, LLD, SDD and design patterns
  • Define identity federation, MFA and authentication architecture
  • Design data protection, encryption and session recording models (including retention policies)
  • Support security governance, audit, and regulatory compliance processes
  • Contribute to the enterprise PAM transformation roadmap

Required Experience

  • Proven experience as a CyberArk PAM Architect in large enterprise environments
  • Deep knowledge of CyberArk Privilege Cloud/CyberArk SaaS architecture
  • Strong experience designing enterprise PAM solutions at scale
  • Hands-on experience with:
    • SCA (Secure Cloud Access) - Azure & AWS privileged access models
    • SIA (Secure Infrastructure Access) - server and application access control
  • Experience defining JIT (Just-in-Time) privileged access models
  • Strong understanding of IAM/PAM integration (Entra ID, SailPoint, ServiceNow)
  • Experience with DevSecOps/automation frameworks for PAM onboarding (CI/CD, APIs)
  • Strong knowledge of credential vaulting, session management, and privileged identity life cycle
  • Experience working in highly regulated environments (financial services, banking, insurance)

Highly Desirable

  • CyberArk Sentry/Guardian level certification
  • Experience delivering large-scale PAM transformation programmes
  • Experience designing CyberArk Conjur/secrets management solutions
  • Exposure to cloud-native security architecture patterns
  • Experience with NIST or equivalent security governance frameworks

Additional Information

This is a high-profile programme within a globally recognised organisation operating critical financial infrastructure.

While the role is primarily remote, there may be a requirement for occasional on-site presence in London.

This role is Inside IR35

This role pays up to £950. However, they may be more for anyone exceptional who ticks all the boxes. TBC.