- Location: Switzerland - Basel – Remote
- Duration: 6 months
- Pay Rate: 500CHF – 550CHF per day
Overview
The role is responsible for establishing robust security controls for privileged identities, ensuring compliance with regulatory requirements, and embedding PAM as a core enterprise security capability.
The PAM SME will act as a technical authority, owning PAM architecture, policy definition, onboarding standards, and operational governance, and will work closely with Cyber Security, Infrastructure, IAM, and Application teams to drive adoption and continuous improvement.
Key Responsibilities
Strategy & Architecture
- Define and maintain the PAM architecture aligned with enterprise security strategy and Zero Trust principles.
- Develop and maintain PAM roadmaps, standards, and design patterns.
- Ensure PAM solutions integrate effectively with IAM, SIEM, directory services, and cloud platforms.
- Own PAM Tiering models and enforce Tier 0 protections.
Engineering & Implementation
- Lead PAM deployments and technical onboarding of:
o Service accounts
o Local administrator accounts
o Application and DevOps identities
- Design and configure:
o Session brokering and recording
o Just-in-Time access
o Secrets management
- Provide technical leadership for PAM upgrades, migrations, and platform consolidation.
Governance, Risk & Compliance
- Develop PAM policies, procedures, and control frameworks.
- Ensure alignment with security standards (e.g. ISO 27001, NIST, CIS Controls, GMP / GxP where applicable).
- Support audits, internal controls testing, and regulatory inspections.
- Own risk assessments related to privileged access and remediation planning.
Operations & Continuous Improvement
- Establish PAM operational models and procedures (runbooks and SOPs).
- Define service KPIs and performance metrics.
- Manage incident response activities involving privileged access compromise.
- Drive onboarding automation and self-service capabilities.
- Act as technical advisor to IT Security leadership and programme sponsors.
- Collaborate with application owners and infrastructure teams to onboard systems securely.
- Provide training, coaching, and knowledge transfer to operational teams.
- Support vendor management and product evaluations.
Essential Skills & Experience
Technical Expertise
- Deep expertise with at least one enterprise PAM platform (e.g. Delinea, CyberArk, BeyondTrust, One Identity, HashiCorp Vault).
- Strong Active Directory / Entra ID integration knowledge.
- Experience with Windows, Linux, Unix privileged account management.
- Understanding of networking, certificates, and identity security controls.
- SIEM integration and PAM alerting experience.
Professional Experience
- Proven experience as a PAM engineer, architect, or SME in a large enterprise environment.
- Experience designing Tier 0 / Tier 1 controls and identity security frameworks.
- Experience working with regulated environments (e.g. finance, healthcare, life sciences, manufacturing).
- Demonstrated ability to lead technical designs and influence stakeholders.
Soft Skills
- Strong communication and stakeholder management skills.
- Ability to translate technical controls into business risk language.
- Structured problem-solving approach.
- Capable of operating independently and leading workstreams.
Desirable Qualifications
- Certifications such as:
o Vendor certifications (CyberArk Defender, Delinea Specialist, etc.)
