1. As the technical owner, engineer, implement, and maintain enterprise PKI and PAM capabilities that are pragmatic, user friendly, and meet the IMF’s security and privacy policies, standards, and architectural principles. This includes PKI and PAM infrastructure, including certificate authorities (CAs), hardware security modules (HSMs), code signing services, and certificate management systems.

2. Working with the information Security Group, develop and maintain policies and procedures for certificate issuance, renewal, revocation, and recovery.

3. Working closely with the IAM Governance Lead, translate PKI and PAM business requirements to functional and technical requirements and technical roadmaps.

4. Support the Section Chief in developing and implementing effective PKI and PAM processes and an operating model. Manage the PKI and PAM operations teams comprising contractors and MSP personnel ensuring timely delivery of key services.

5. Provide consulting and guidance to application teams around privileged access management, and cryptographic technologies.

6. Facilitate periodic access reviews, certifications, and audits to ensure compliance with IMF’s security policies and standards.

7. Manage the security, availability (HA and DR), and performance of the IMF’s PKI and PAM applications implementing rigorous resiliency measures to safeguard critical assets.

8. Identify opportunities and implement automation for operational tasks to improve performance and reduce operator errors utilizing scripting.

9. Lead the integration of PKI and PAM systems with internal and external systems and applications, ensuring seamless and secure access management across the technology ecosystem.

10. Understand all aspects of dependencies for business processes on PKI and PAM systems, and manage resolution of root causes for performance, reliability, or availability issues and deliver innovative solutions.

11. Implement JIT and Zero Trust standards and processes for privilege identity management to ensure strong lifecycle management and governance for the identities that have access to IMF’s crown jewels.

12. Stay at the forefront of emerging encryption technologies, PKI and PAM standards, and security trends, technologies, and best practices, and apply this knowledge to enhance IMF’s identity and encryption management strategies.

13. Working with the IMF’s security operations center, implement effective monitoring and audit access controls and permissions to identify potential security breaches or policy violations.

14. Collect, track and report on various PKI and PAM service SLAs/metrics/KPIs/KRIs

15. Develop and maintain standard operating procedures and playbooks related to PKI and PAM design and operations. Create end user training materials and conduct user training.

Requirements:

Minimum Qualifications

Advanced degree in information security, computer science, engineering, mathematics or related field of study or equivalent, plus a minimum of 4 years of relevant professional experience; or a bachelor’s degree in computer science or a related field of study plus a minimum of 10 years of relevant professional experience, is required.

• Candidates should possess one or more of the following certifications: CISSP, CISM, SABSA, GCSA, ITIL.
• Must have a minimum of 3 years of experience managing enterprise-wide PAM and PKI services.

Knowledge and/or experience in:

• Engineering, implementing and operations of Privileged Access Management with CyberArk (preferred).
• Implementing and managing PKI and Key Management service on-prem and in the cloud including Certificate Authority Administration, PKI machine identity technologies such as SSH, SSL/TLS and vaulting solutions.
• Design, installation, and configuration of Certificate Lifecycle Management solutions.
• Managing identity management, access provisioning, workflows, ABAC/RBAC, IAM lifecycle management, analytics, role and entitlement engineering.
• IAM systems such as Microsoft Active Directory, Azure AD, Okta, F5, Saviynt (preferred), SailPoint, or similar platforms.
• Strong knowledge of MS Cloud PKI and Azure PIM.
• MS cloud security portals and admin centers (Defender, Intune, MS Entra ID, Azure AD B2B/B2C, etc.).
• Modern approaches to IAM with Microsoft Azure/AD/SSO, OAuth, OpenID, and SAML.
• Scripting languages (e.g., PowerShell, Python) for automation of IAM tasks.
• Enterprise level IT service management, including continuous service improvement.
• Engineering and operating highly resilient PKI and Key Management services.

Work management skills

• Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance. Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
• Excellent insight of business and technology trends and their impact (risks and opportunities) to business enablement.
• Analytical skills that enable synthesis and correlation of inputs from many sources and allow for strategic thinking and tactical implementation.
• Ability to establish and maintain effective partnerships and working relations in a multi-cultural, multi-ethnic environment with sensibility and respect for diversity.
• Excellent management, organizational and interpersonal skills to influence others towards a shared vision and positive results with or without the line of command.
• Excellent written and verbal communication skills that are compelling, convincing and reassuring, with the ability to articulate complex technical ideas to non-technical stakeholders.
• Personal drive, ownership and accountability to meet deadlines and achieve agreed-upon results.
• Proven ability to collaborate with IT colleagues to prioritize work, develop roadmaps, enhance services, and contribute meaningfully to the department’s service delivery.