EY
Cyber SDC - Privileged Access Management - Manager - Location OPEN
EY, Charlotte, North Carolina, United States, 28245
Cyber SDC - Privileged Access Management - Manager
Location: Anywhere in Country
At EY, we’re all in to shape your future with confidence. This role focuses on designing, engineering, maintaining, and troubleshooting privileged access and secret management solutions across the IAM spectrum. You will work with IAM services to align security with business goals, manage access to resources, and enforce security policies. Collaborate with vendors to offer strategy, assessment, testing, and implementation of IAM solutions.
What you’ll do
Develop privilege and secret access management controls (CyberArk, BeyondTrust, HashiCorp, Delinea).
Oversee the design and implementation of the privileged access and secret management solution.
Assist with requirements gathering and define enterprise use cases for PAM/secret management.
Configure and optimize discovery tools for privilege accounts, services, SSH keys, and tasks (CyberArk, HashiCorp, Delinea, BeyondTrust), including auto-detection and auto-onboarding.
Manage onboarding of target systems (Windows, Linux, Unix), databases (Oracle, MS SQL, Redis cache), and integration with DevOps tools (Ansible, Puppet, Jenkins, Kubernetes, OpenShift, GitHub, GitLab, Docker).
Knowledge of cloud vaults such as AWS Secrets Manager and Azure Key Vault.
Define and implement vaulting, rotation, heartbeat policies for human and non-human identities; enable SSH key and password rotation, check-out/check-in, dual control, and break-glass.
Participate in self-service design and implementation of privilege/secret life cycle management (creation, management, certification, deletion).
Develop governance processes for non-human identity management and endpoint management policies (Windows, MacOS, Linux, Unix).
Skills and qualifications
Proven experience in integrating, deploying, and configuring PAM and secret management technologies, with a focus on CyberArk and familiarity with Saviynt, SailPoint, Entra.
Knowledge of PAM frameworks and integration into applications.
Experience with CyberArk, HashiCorp Vault, BeyondTrust, and Delinea.
Proficiency in enterprise PAM and secret management tools; directory services (Active Directory, Azure AD, LDAP); MFA and SSO.
Strong problem-solving and communication skills; ability to translate business requirements into technical specs.
Proven track record delivering high-quality client services on time; excellent documentation skills.
Qualifications
Bachelor’s degree (approx. 8 years related experience) or graduate degree (approx. 3 years related experience).
Experience with PAM architectures in CyberArk, HashiCorp, or other PAM solutions; CyberArk Conjur and HashiCorp Vault usage.
Valid US driver’s license or passport; willingness to travel.
Nice to have
IAM certifications (CISSP, CISM) or vendor certs (CyberArk CDE, HashiCorp Certified Implementation Engineer).
Familiarity with SailPoint, ForgeRock, Ping Identity, RSA; cloud IAM (AWS, Azure, GCP).
Knowledge of regulatory frameworks (GDPR, HIPAA, NIST, ISO 27001).
Experience delivering PAM services to diverse industries; strong client collaboration and presentation skills.
What we offer
Compensation and benefits package with salary ranges; total rewards including health coverage, pension, 401(k), PTO.
Hybrid work model: 40-60% in-person during engagements.
Flexible vacation policy and paid holidays; personal/family care time.
Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For California residents, click here for additional information. EY is an equal opportunity employer. If you need accommodations during the application process, contact EY Talent Shared Services.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Professional Services
#J-18808-Ljbffr
At EY, we’re all in to shape your future with confidence. This role focuses on designing, engineering, maintaining, and troubleshooting privileged access and secret management solutions across the IAM spectrum. You will work with IAM services to align security with business goals, manage access to resources, and enforce security policies. Collaborate with vendors to offer strategy, assessment, testing, and implementation of IAM solutions.
What you’ll do
Develop privilege and secret access management controls (CyberArk, BeyondTrust, HashiCorp, Delinea).
Oversee the design and implementation of the privileged access and secret management solution.
Assist with requirements gathering and define enterprise use cases for PAM/secret management.
Configure and optimize discovery tools for privilege accounts, services, SSH keys, and tasks (CyberArk, HashiCorp, Delinea, BeyondTrust), including auto-detection and auto-onboarding.
Manage onboarding of target systems (Windows, Linux, Unix), databases (Oracle, MS SQL, Redis cache), and integration with DevOps tools (Ansible, Puppet, Jenkins, Kubernetes, OpenShift, GitHub, GitLab, Docker).
Knowledge of cloud vaults such as AWS Secrets Manager and Azure Key Vault.
Define and implement vaulting, rotation, heartbeat policies for human and non-human identities; enable SSH key and password rotation, check-out/check-in, dual control, and break-glass.
Participate in self-service design and implementation of privilege/secret life cycle management (creation, management, certification, deletion).
Develop governance processes for non-human identity management and endpoint management policies (Windows, MacOS, Linux, Unix).
Skills and qualifications
Proven experience in integrating, deploying, and configuring PAM and secret management technologies, with a focus on CyberArk and familiarity with Saviynt, SailPoint, Entra.
Knowledge of PAM frameworks and integration into applications.
Experience with CyberArk, HashiCorp Vault, BeyondTrust, and Delinea.
Proficiency in enterprise PAM and secret management tools; directory services (Active Directory, Azure AD, LDAP); MFA and SSO.
Strong problem-solving and communication skills; ability to translate business requirements into technical specs.
Proven track record delivering high-quality client services on time; excellent documentation skills.
Qualifications
Bachelor’s degree (approx. 8 years related experience) or graduate degree (approx. 3 years related experience).
Experience with PAM architectures in CyberArk, HashiCorp, or other PAM solutions; CyberArk Conjur and HashiCorp Vault usage.
Valid US driver’s license or passport; willingness to travel.
Nice to have
IAM certifications (CISSP, CISM) or vendor certs (CyberArk CDE, HashiCorp Certified Implementation Engineer).
Familiarity with SailPoint, ForgeRock, Ping Identity, RSA; cloud IAM (AWS, Azure, GCP).
Knowledge of regulatory frameworks (GDPR, HIPAA, NIST, ISO 27001).
Experience delivering PAM services to diverse industries; strong client collaboration and presentation skills.
What we offer
Compensation and benefits package with salary ranges; total rewards including health coverage, pension, 401(k), PTO.
Hybrid work model: 40-60% in-person during engagements.
Flexible vacation policy and paid holidays; personal/family care time.
Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For California residents, click here for additional information. EY is an equal opportunity employer. If you need accommodations during the application process, contact EY Talent Shared Services.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Professional Services
#J-18808-Ljbffr