EY
Cyber SDC - Privileged Access Management - Manager - Location OPEN
EY, Woodbridge, New Jersey, United States
Cyber SDC - Privileged Access Management - Manager
Location: Anywhere in Country
We’re all in to shape your future with confidence. Join EY and help to build a better working world. In an ever‑evolving IT landscape, EY is a beacon of trust for clients across diverse industries seeking reliable solutions to address risks and vulnerabilities. As a vital member of our Identity and Access Management (IAM) team, you will empower clients to comprehend and navigate complex Enterprise Identity environments. Your expertise will evaluate, enhance, and devise innovative solutions, processes, and policies to cater to each client’s unique IAM requirements. This is an opportunity to leverage both technical prowess and business acumen to drive our mission and make a significant impact on global cybersecurity.
Your Key Responsibilities
Develop privilege and secret access management controls for CyberArk, BeyondTrust, HashiCorp, and Delinea solutions.
Oversee the design and implementation of the privileged access and secret management solution.
Assist with the privilege and secret management requirement gathering and define the use cases at the enterprise level.
Configure and optimize discovery tools for privilege accounts, services, SSH keys, and tasks (CyberArk, HashiCorp, Delinea, BeyondTrust), including auto‑detection and auto‑onboarding.
Manage onboarding of target systems such as Windows, Linux, Unix accounts, databases (Oracle, MS SQL, Redis cache) and integration of DevOps solutions such as Ansible, Puppet, Jenkins, Kubernetes, OpenShift, GitHub, GitLab, Docker and Ansible platforms.
Knowledge of modern cloud vaults such as AWS Secrets Manager and Azure Key Vault.
Define and implement vaulting, rotation, and heartbeat policies for human and non‑human identities; enable SSH key and password rotation, check‑out/check‑in, dual control, and break‑glass.
Participate in the self‑service design and implementation of the privilege or secrets life cycle management using enterprise identity governance solutions (creation, management, certification, deletion).
Develop and establish governance processes for non‑human identity management.
Develop policies for end‑point management solutions including Windows workstations, Mac OS, Linux and Unix servers.
Skills And Attributes For Success
Proven experience in integrating, deploying, and configuring PAM and secret management technologies, with a strong focus on CyberArk (vault, privileged cloud, secure, infrastructure, endpoint access management and Conjur) and familiarity with other IAM solutions like Saviynt, SailPoint, Entra.
In‑depth knowledge of privilege access management frameworks and ability to offer guidance on their integration into existing applications.
Practical expertise in developing CyberArk technology tech stack, HashiCorp Vault, BeyondTrust and Delinea experience.
Proficiency in implementing, managing, and maintaining enterprise‑level privileged access management and secret management tools.
Solid understanding of enterprise directory services such as Active Directory, Azure AD, and LDAP, and experience implementing MFA and SSO solutions.
Strong problem‑solving and analytical skills, with the ability to translate business requirements into technical specifications and execute technical deliveries effectively.
A track record of delivering high‑quality client services and work products within expected timeframes.
Excellent documentation skills, including the creation of procedures, process documentation, and user documentation related to IAM applications.
To qualify for the role you must have
A bachelor’s degree in a related field and approximately 8 years of related work experience; or a graduate degree and approximately 3 years of related work experience.
Experience with PAM architecture and development within CyberArk, HashiCorp, or other PAM solutions.
Well‑versed and hands‑on experience with CyberArk Conjur and HashiCorp Vault usage and functionality.
A valid driver’s license in the US and/or a valid passport are required; willingness and ability to travel.
Ideally, you’d also have
Professional certifications in Identity & Access Management, such as CISSP, CISM, or specific vendor certifications like CyberArk CDE, HashiCorp Vault Certified Implementation Engineer.
Familiarity with additional IAM technologies and tools, including SailPoint, ForgeRock, Ping Identity, RSA, etc.
Knowledge of cloud‑based IAM solutions and experience working with cloud platforms like AWS, Azure, or Google Cloud.
Understanding of regulatory compliance frameworks and industry standards related to IAM, such as GDPR, HIPAA, NIST, or ISO 27001.
Prior experience in providing PAM services to clients from various industries, demonstrating versatility and adaptability in addressing diverse IAM challenges.
Strong interpersonal and communication skills, with the ability to collaborate effectively with clients and cross‑functional teams to present solution designs, options, and innovations.
What We Look For We’re interested in intellectually curious people with a genuine passion for cyber security. With your broad exposure across IAM, we’ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us – but also to the industry at large. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
What We Offer You
We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $106,800 to $194,800. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $128,000 to $221,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time‑off options.
Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year.
Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being.
Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1‑800‑EY‑HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com.
#J-18808-Ljbffr
We’re all in to shape your future with confidence. Join EY and help to build a better working world. In an ever‑evolving IT landscape, EY is a beacon of trust for clients across diverse industries seeking reliable solutions to address risks and vulnerabilities. As a vital member of our Identity and Access Management (IAM) team, you will empower clients to comprehend and navigate complex Enterprise Identity environments. Your expertise will evaluate, enhance, and devise innovative solutions, processes, and policies to cater to each client’s unique IAM requirements. This is an opportunity to leverage both technical prowess and business acumen to drive our mission and make a significant impact on global cybersecurity.
Your Key Responsibilities
Develop privilege and secret access management controls for CyberArk, BeyondTrust, HashiCorp, and Delinea solutions.
Oversee the design and implementation of the privileged access and secret management solution.
Assist with the privilege and secret management requirement gathering and define the use cases at the enterprise level.
Configure and optimize discovery tools for privilege accounts, services, SSH keys, and tasks (CyberArk, HashiCorp, Delinea, BeyondTrust), including auto‑detection and auto‑onboarding.
Manage onboarding of target systems such as Windows, Linux, Unix accounts, databases (Oracle, MS SQL, Redis cache) and integration of DevOps solutions such as Ansible, Puppet, Jenkins, Kubernetes, OpenShift, GitHub, GitLab, Docker and Ansible platforms.
Knowledge of modern cloud vaults such as AWS Secrets Manager and Azure Key Vault.
Define and implement vaulting, rotation, and heartbeat policies for human and non‑human identities; enable SSH key and password rotation, check‑out/check‑in, dual control, and break‑glass.
Participate in the self‑service design and implementation of the privilege or secrets life cycle management using enterprise identity governance solutions (creation, management, certification, deletion).
Develop and establish governance processes for non‑human identity management.
Develop policies for end‑point management solutions including Windows workstations, Mac OS, Linux and Unix servers.
Skills And Attributes For Success
Proven experience in integrating, deploying, and configuring PAM and secret management technologies, with a strong focus on CyberArk (vault, privileged cloud, secure, infrastructure, endpoint access management and Conjur) and familiarity with other IAM solutions like Saviynt, SailPoint, Entra.
In‑depth knowledge of privilege access management frameworks and ability to offer guidance on their integration into existing applications.
Practical expertise in developing CyberArk technology tech stack, HashiCorp Vault, BeyondTrust and Delinea experience.
Proficiency in implementing, managing, and maintaining enterprise‑level privileged access management and secret management tools.
Solid understanding of enterprise directory services such as Active Directory, Azure AD, and LDAP, and experience implementing MFA and SSO solutions.
Strong problem‑solving and analytical skills, with the ability to translate business requirements into technical specifications and execute technical deliveries effectively.
A track record of delivering high‑quality client services and work products within expected timeframes.
Excellent documentation skills, including the creation of procedures, process documentation, and user documentation related to IAM applications.
To qualify for the role you must have
A bachelor’s degree in a related field and approximately 8 years of related work experience; or a graduate degree and approximately 3 years of related work experience.
Experience with PAM architecture and development within CyberArk, HashiCorp, or other PAM solutions.
Well‑versed and hands‑on experience with CyberArk Conjur and HashiCorp Vault usage and functionality.
A valid driver’s license in the US and/or a valid passport are required; willingness and ability to travel.
Ideally, you’d also have
Professional certifications in Identity & Access Management, such as CISSP, CISM, or specific vendor certifications like CyberArk CDE, HashiCorp Vault Certified Implementation Engineer.
Familiarity with additional IAM technologies and tools, including SailPoint, ForgeRock, Ping Identity, RSA, etc.
Knowledge of cloud‑based IAM solutions and experience working with cloud platforms like AWS, Azure, or Google Cloud.
Understanding of regulatory compliance frameworks and industry standards related to IAM, such as GDPR, HIPAA, NIST, or ISO 27001.
Prior experience in providing PAM services to clients from various industries, demonstrating versatility and adaptability in addressing diverse IAM challenges.
Strong interpersonal and communication skills, with the ability to collaborate effectively with clients and cross‑functional teams to present solution designs, options, and innovations.
What We Look For We’re interested in intellectually curious people with a genuine passion for cyber security. With your broad exposure across IAM, we’ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us – but also to the industry at large. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
What We Offer You
We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $106,800 to $194,800. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $128,000 to $221,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time‑off options.
Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year.
Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being.
Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1‑800‑EY‑HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com.
#J-18808-Ljbffr