PAM Specialist

Role purpose
Reporting into the AVP - IT Security, this role will encompass defending Travelex against Cyber threats. This has a dependency on optimising our technology to be based on sound Cyber security principles for us to accurately manage and defend any such attack placed upon the organisation.

Cyber Security is seen as a key strategic pillar within the organization as the methods attackers use evolve Travelex recognises the requirement to remain dynamic in its defence against such threats. The purpose of this role is to lead all Information Security matters relating to Privileged Access management. The candidate will be required to provide technical expertise, guidance and support in the area of Privileged Access including the delivery of PAM services. The successful candidate will have a broad Infosec & governance knowledge, security monitoring, up to date know of threat landscape, ISO, GDPR, Cyber Essentials, Risk, Compliance and Governance.

At This Level, You Will

• be responsible for the overall strategy, planning, development & support of PAM solution and its associated processes.
• Work with the broader IT security, Cyber risk and compliance organization to interpret policies and standards, ensuring policies and standards are properly followed by new PAM solutions
• will provide overall implementation and direction into the Privileged Access Management (PAM) functions across the organization, including privileged access management, authentication & authorization, security and provisioning identity data.
• will work closely with Cyber Security, service desk, systems engineering, network security, audit, application developers and other administrators in creating functional, scalable and secure PAM operations.
• will also be responsible for identifying, evaluating and participating in decision making around new and emerging PAM technologies and will support other areas of Information Security as needed.
• have a deep and evolving level of technical expertise, so you can act as an exemplar.
• research, identify, validate, and adopt new technologies and methodologies.
• be a recognised expert and demonstrate this expertise by solving unprecedented issues and problems.
• further the profession, demonstrating and sharing best practice within and outside the organisation.

Key Accountabilities
Relationship management

• Develops and maintains robust relationships with key business stakeholders.
• Ensures the smooth integration of PAM solutions with various technologies.
• Raise awareness and profile of Cyber across the business at all levels.

Experience And Personal Qualities
Management information

• Writes and speaks fluently on all aspects of work and communicates effectively with all levels of management.
• Produces accurate, timely and relevant MI for the Head of Security Operations, CISO and the team as required.

Communication

• Writes and speaks fluently on all aspects of work and communicates effectively with all levels of management.
• Responsible for pro-active and regular communication with other areas of IT and the business
• Actively communicate and seek feedback from colleagues and customers.
• Play a participative part in Team Briefs.
• Be proactive in the provision of feedback and the delivery of ideas to develop and improve the PAM service.
• Ensure feedback to line manager outlining general activities of role and 'how we are doing'.

General

• Undertakes any necessary training associated with the duties of the post and participates in training and development procedures.
• Complies with all Company Health and Safety policies and legislation in the performance of their duties and responsibilities.
• Maintains confidentiality and observes data protection guidelines.
• Carries out any other reasonable duties commensurate with their capability.

Essential

• 8+ years Information Security experience with at least 6 of those years focused on Privileged Access Management.
• Strong understanding on Identity and privileged concepts within Infrastructure technologies including cloud.
• Experience in designing and implementing PAM solutions for enterprise organizations.
• Design, configure, and maintain PAM solutions for Linux and Windows tools.
• Experience with databases, LDAP and directory services, application servers, operating systems and network infrastructure.
• Strong understanding of Identity Lifecycle in regard to privileged accounts and how people use accounts.
• Demonstrate an advanced understanding of troubleshooting and configuring Privileged applications, Privileged ID Management, and API integrations.
• Establish PAM Security Strategy including provisioning, password management and access policies, SSH key management, API key management and reporting.
• Integrate PAM solution with various technologies.
• You will join the PAM project and be working with the IT Security, Cyber & IT to on-board systems and applications to the target state solutions (both process and technology).
• Experience in delivering PAM frameworks in large complex organisations, supporting senior members of the team in developing PAM operational changes, technology changes, and delivery plans.
• Experience in assessing, optimising, and implementing PAM related processes and technology, and reporting to various stakeholders bearing in mind both their technical and business requirements.
• Act as focal point for Privileged Access Management (PAM)
• Maintain and develop security standards and operational processes in relation to PAM

Desirable

• Strong verbal and written English communication. Ability to communicate effectively at all levels and to influence key stakeholders.
• Professional approach with a confident assertive style and sstrong interpersonal and presentation skills
• Ability to build & maintain strong relationships with peers and colleagues.
• High level of quality focus.
• A "Can Do" attitude
• Financial Services industry experience.
• Familiarity with ITIL concepts as incident, problem and change management
• Certification such as CISSP, CISM, CISMP, GCIH, CEH, CCNA Security, Security+, CHFI, etc.
• Working Knowledge of IT Security Compliance (PCI DSS, Data Protection Act, Sarbanes Oxley, ISO17799, etc)
• Bachelor's in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree
• Minimum of 4-6 years of experience in the IT security industry.