We are supporting a major global financial markets infrastructure organisation on a large-scale enterprise security transformation programme, delivering a next-generation Privileged Access Management (PAM) capability.

As part of this initiative, the organisation is implementing CyberArk Privilege Cloud (SaaS) as the strategic PAM platform across a complex hybrid and multi-cloud estate.

We are looking for a high-calibre CyberArk PAM Architect with strong experience across Secure Cloud Access (SCA), Secure Infrastructure Access (SIA) and DevSecOps-driven PAM automation to define and deliver enterprise-scale architecture.

Key Responsibilities

• Define the end-to-end CyberArk Privilege Cloud (SaaS) target architecture
• Design and implement SCA (Secure Cloud Access) models across Azure and AWS (including JIT access)
• Define SIA (Secure Infrastructure Access) models for Servers, applications and traditional infrastructure
• Architect privileged access models including session management, credential vaulting and elevation workflows
• Design integration patterns with enterprise systems:
  • Microsoft Entra ID (Azure AD)
  • SailPoint IdentityNow/IGA platforms
  • ServiceNow (request/approval workflows)
  • SIEM/observability tools (Splunk, DataDog)
• Define DevSecOps-aligned PAM onboarding frameworks, including CI/CD-driven automation and API-based integrations
• Produce architecture artefacts including HLD, LLD, SDD and design patterns
• Define identity federation, MFA and authentication architecture
• Design data protection, encryption and session recording models (including retention policies)
• Support security governance, audit, and regulatory compliance processes
• Contribute to the enterprise PAM transformation roadmap

Required Experience

• Proven experience as a CyberArk PAM Architect in large enterprise environments
• Deep knowledge of CyberArk Privilege Cloud/CyberArk SaaS architecture
• Strong experience designing enterprise PAM solutions at scale
• Hands-on experience with:
  • SCA (Secure Cloud Access) - Azure & AWS privileged access models
  • SIA (Secure Infrastructure Access) - server and application access control
• Experience defining JIT (Just-in-Time) privileged access models
• Strong understanding of IAM/PAM integration (Entra ID, SailPoint, ServiceNow)
• Experience with DevSecOps/automation frameworks for PAM onboarding (CI/CD, APIs)
• Strong knowledge of credential vaulting, session management, and privileged identity life cycle
• Experience working in highly regulated environments (financial services, banking, insurance)

Highly Desirable

• CyberArk Sentry/Guardian level certification
• Experience delivering large-scale PAM transformation programmes
• Experience designing CyberArk Conjur/secrets management solutions
• Exposure to cloud-native security architecture patterns
• Experience with NIST or equivalent security governance frameworks

Additional Information

This is a high-profile programme within a globally recognised organisation operating critical financial infrastructure.

While the role is primarily remote, there may be a requirement for occasional on-site presence in London.

This role is Inside IR35

This role pays up to £950. However, they may be more for anyone exceptional who ticks all the boxes. TBC.