Principal Privileged Access Management (PAM) Lead - CyberArk

About The Position

Requirements

• 10+ years of experience in Information Security or Identity, including 5+ years leading enterprise PAM initiatives
• Proven, hands-on experience designing, deploying, and operating CyberArk (Privilege Cloud or PAS on-prem), including Vault/EPV, PVWA, CPM, PSM, session recording, and platform/safe configuration
• Deep expertise in Active Directory/Azure AD, Windows and Linux systems, AWS and Azure environments, and SIEM integrations
• Strong understanding of least privilege, privileged elevation and delegation (PEDM), just-in-time (JIT) access, secrets management, and privileged session isolation
• Demonstrated ability to build and scale security programs, policies, governance models, and KPIs in complex, cross-functional environments
• Excellent communication, leadership, and change-management skills

Nice To Haves

• CyberArk certifications (Defender, Sentry, Guardian, CDE) or equivalent credentials
• Experience transitioning PAM programs from large-scale rollout to steady-state operations
• Familiarity with regulated environments and audit evidence generation (e.g., HIPAA, SOC 2, NIST)
• Automation or scripting experience (PowerShell, Python) to support onboarding and integrations

Responsibilities

• Define and lead Gainwell’s enterprise Privileged Access Management (PAM) vision, roadmap, and operating model, including policies, standards, processes, and measurable KPIs.
• Establish strong PAM governance through steering committees, risk reviews, and exception handling, and communicate outcomes and risk reduction to executive stakeholders.
• Architect, deploy, and evolve CyberArk across on-prem, cloud (AWS/Azure), and hybrid environments, including Vault/EPV, PVWA, CPM, and PSM.
• Drive phased onboarding of privileged identities, starting with Tier 0 and high-risk accounts and expanding to server, endpoint, and cloud workloads, ensuring stable transition to steady-state operations.
• Implement least-privilege and just-in-time (JIT) access models, privileged elevation and delegation (PEDM), session isolation and auditing, and enterprise secrets management aligned to industry best practices.
• Define and enforce privileged access standards, including safe structures, credential rotation, break-glass procedures, and emergency access controls.
• Build and operate scalable PAM processes for onboarding/offboarding, approvals, periodic access reviews, credential lifecycle management, and incident response for privileged misuse.
• Strengthen regulatory readiness by ensuring auditability and evidence generation aligned to frameworks such as HIPAA, SOC 2, and NIST.
• Partner with Identity, Infrastructure, Cloud, and DevOps teams to integrate PAM into CIEM, ITSM, and automation workflows, reducing standing privileges and hard-coded secrets.
• Enable adoption and long-term success through training programs, stakeholder engagement, and hands-on leadership as the enterprise PAM subject matter expert.
• Manage strategic relationships with CyberArk and delivery partners, ensuring platform alignment, continuous improvement, and measurable value realization.

Benefits

• generous, flexible vacation policy
• educational assistance
• leadership and technical development academies