Senior IAM Architect - PAM to support the modernization of their Privileged Access Management ([...]

Our valued crown corporation client is seeking a Senior IAM Architect - PAM to support the modernization of their Privileged Access Management (PAM) platforms, with a focus on CyberArk!

Initial 1-year, full-time contract with strong possibility of extension. % Remote, 37.5 hours per week (daytime hours required).

As the successful candidate, you will assist in the design, implementation, and migration of PAM capabilities, supporting internal applications and infrastructure teams. You will play a key role in enhancing CyberArk deployments and contributing to the broader Zero Trust security objectives.

• Support the design and implementation of PAM architecture for internal, containerized applications
• Collaborate with application and infrastructure teams to deliver credential retrieval services using CyberArk CCP and / or Azure Key Vault
• Define and document Role-Based Access Control (RBAC) frameworks and integration patterns for internally developed applications
• Assist in the modernization and migration of CyberArk platforms (on-premises and Privilege Cloud)
• Analyze existing CyberArk implementations to identify gaps, simplify architecture, and align with Zero Trust principles
• Assist in the deployment of CyberArk components including PSM, PVWA, PTA, CPM, Vault, and web sessions
• Support secure authentication integration with Microsoft MFA, FIDO2, and certificate-based methods
• Provide expertise in session recording, monitoring, and auditing privileged access
• Develop and document reusable integration patterns and architectural reference models
• Troubleshoot and resolve complex PAM and IAM issues in cross-functional environments
• Provide best practices, knowledge transfer, and recommendations to improve PAM governance

• 10+ years of experience in Identity and Access Management (IAM), with a strong focus on Privileged Access Management
• 5+ years of hands‑on experience with CyberArk solutions (on‑premises and / or Privilege Cloud)
• Demonstrated expertise with CyberArk components including Vault, PVWA, CPM, PSM, PTA, CCP, and web sessions
• Proven experience with CyberArk migrations (e.g., from on‑prem to Privilege Cloud)
• Strong understanding of secure authentication methods including SAML, OIDC, FIDO2 / WebAuthn, and PKI
• Demonstrated knowledge of RBAC frameworks for internally developed applications
• Solid technical experience with Docker / Kubernetes, REST / SOAP APIs, and data formats such as JSON / XML
• Strong documentation and communication skills for both technical and business audiences

• Experience working in Agile or DevOps environments
• Cyber Security certifications such as CISSP, GIAC
• Experience in the banking sector and / or government organizations
• Experience integrating IAM with SailPoint or Microsoft Entra ID