Principal Privileged Access Management (PAM) Lead - CyberArk

Summary

We’re looking for a hands-on PAM leader to own Gainwell’s enterprise Privileged Access Management strategy and execution. This role will lead the end-to-end implementation and ongoing evolution of CyberArk across on‑prem, cloud (AWS/Azure), and hybrid environments, establish PAM governance and controls, and partner across Infrastructure, Cloud, Identity, and Compliance teams to measurably reduce privileged risk while enabling the business.

Your role in our mission

• Define and lead Gainwell’s enterprise Privileged Access Management (PAM) vision, roadmap, and operating model, including policies, standards, processes, and measurable KPIs.

• Establish strong PAM governance through steering committees, risk reviews, and exception handling, and communicate outcomes and risk reduction to executive stakeholders.

• Architect, deploy, and evolve CyberArk across on-prem, cloud (AWS/Azure), and hybrid environments, including Vault/EPV, PVWA, CPM, and PSM.

• Drive phased onboarding of privileged identities, starting with Tier 0 and high-risk accounts and expanding to server, endpoint, and cloud workloads, ensuring stable transition to steady-state operations.

• Implement least-privilege and just-in-time (JIT) access models, privileged elevation and delegation (PEDM), session isolation and auditing, and enterprise secrets management aligned to industry best practices.

• Define and enforce privileged access standards, including safe structures, credential rotation, break-glass procedures, and emergency access controls.

• Build and operate scalable PAM processes for onboarding/offboarding, approvals, periodic access reviews, credential lifecycle management, and incident response for privileged misuse.

• Strengthen regulatory readiness by ensuring auditability and evidence generation aligned to frameworks such as HIPAA, SOC 2, and NIST.

• Partner with Identity, Infrastructure, Cloud, and DevOps teams to integrate PAM into CIEM, ITSM, and automation workflows, reducing standing privileges and hard-coded secrets.

• Enable adoption and long-term success through training programs, stakeholder engagement, and hands-on leadership as the enterprise PAM subject matter expert.

• Manage strategic relationships with CyberArk and delivery partners, ensuring platform alignment, continuous improvement, and measurable value realization.

What we're looking for

• 10+ years of experience in Information Security or Identity, including 5+ years leading enterprise PAM initiatives

• Proven, hands-on experience designing, deploying, and operating CyberArk (Privilege Cloud or PAS on-prem), including Vault/EPV, PVWA, CPM, PSM, session recording, and platform/safe configuration

• Deep expertise in Active Directory/Azure AD, Windows and Linux systems, AWS and Azure environments, and SIEM integrations

• Strong understanding of least privilege, privileged elevation and delegation (PEDM), just-in-time (JIT) access, secrets management, and privileged session isolation

• Demonstrated ability to build and scale security programs, policies, governance models, and KPIs in complex, cross-functional environments

• Excellent communication, leadership, and change-management skills

Preferred qualifications include:

• CyberArk certifications (Defender, Sentry, Guardian, CDE) or equivalent credentials

• Experience transitioning PAM programs from large-scale rollout to steady-state operations

• Familiarity with regulated environments and audit evidence generation (e.g., HIPAA, SOC 2, NIST)

• Automation or scripting experience (PowerShell, Python) to support onboarding and integrations

What you should expect in this role

• Remote work environment
• Opportunities to travel through your work.

The deadline to submit applications for this posting is January 16, 2025.