Job Specifications
PAM (CyberArk) Architect - 2 days London/Hybrid - urgent!
Required Experience
IAM/PAM roles with 3+ years as a CyberArk Architect.
Hands-on experience designing and implementing: CyberArk Vault, PSM/PSMP, CPM and PVWA
Strong understanding of privileged account classification, credential rotation, session monitoring, and JIT models.
Experience onboarding:
Windows/Linux Servers
Databases
Network devices
Cloud services (AWS/Azure)
Experience integrating CyberArk with ServiceNow, SIEM, SSO, and enterprise directories.
You will work on Identity & Access Management (IAM) as part of an IT Controls Remediation programme delivering Privileged Access Management (PAM) with CyberArk and Identity Governance & Administration (IGA) with Saviynt. The programme further integrates with Workday (HR) as the authoritative source of identity and with ServiceNow for access request workflows and operational processes.
You will define and deliver the end-to-end architecture for a major Privileged Access Management implementation. This includes design of the CyberArk CorePAS platform, onboarding strategy for privileged accounts, vaulting, session control, credential rotation, JIT access, and integration with enterprise systems including AD, Entra ID, ServiceNow, and infrastructure/security tooling.
The role will be responsible for ensuring strong security foundations, scalable platform design, privileged account discovery, and embedding operational processes aligned to enterprise security controls.
Architectural Design
Own the overall CyberArk architectural blueprint, covering:
Vault environment
PSM (Privileged Session Manager)
CPM (Credential Provider Manager)
Conjur or Alero (if applicable)
EPM (Endpoint Privilege Management)
JIT access and least privilege models
Produce architectural artefacts: HLD, LLD, data flow diagrams, platform topology.
Privileged Access Strategy
Define privileged account onboarding strategy and classification model.
Develop vaulting and credential rotation standards.
Create session monitoring and audit strategies.
Architect PAM operational model (day-to-day vault admin, break-glass, emergency access).
Integration Architecture
Integrate CyberArk with:
AD/Entra ID for authentication and group-based access
Windows/Linux/UNIX Servers
Databases, network devices, cloud platforms
ServiceNow for privileged access request workflows
SIEM/SOAR for alerting and monitoring
Define API integrations for application credential management.
Security & Governance
Ensure PAM design aligns to:
Zero Trust
NIST 800-53/800-63
CIS Controls
Internal SOX/ISO27001 requirements
Implement controls for least privilege, JIT elevation, and removal of standing privileges.
Technical Leadership
Act as the technical authority for PAM engineering teams.
Validate configurations, policies, platform hardening, and onboarding plans.
Define reusable design patterns for application onboarding.
Preferred Experience
CyberArk CDE/CPE/CIM certifications (highly desirable).
Experience in highly regulated environments (Banking/Insurance/Energy).
Knowledge of DevOps secrets management and modern cloud PAM patterns.
About the Company
Initialize is an innovative and specialist technology recruitment consultancy delivering exceptional levels of service to both clients and candidates alike.
Established with over four decades of combined experience in the marketplace, we are experts in sourcing high-quality IT and Digital candidates across multiple industry sectors UK-wide.
We pride ourselves on our ability to build long-term and highly successful relationships, always putting our clients and candidates first to deliver outstanding and reliable recruitment...