PAM Architect/CyberArk Architect - CONTRACT

Etonwood
3 hours ago
Contract
Remote friendly (London)
United Kingdom

Initial contract through to 31st December
Predominantly remote with occasional visits to London
£700 - £750 p/d (umbrella/inside IR35)

Global Financial Services institution seeking an experienced PAM Architect to lead the design and delivery of a large-scale Privileged Access Management (PAM) transformation programme. The role will focus on defining target architecture, integration patterns, and operational frameworks for a cloud-first PAM solution (CyberArk SaaS), within a complex enterprise environment.

Key Deliverables:

  • Define end-to-end PAM target architecture (CyberArk SaaS) including JIT access, session management, resilience, and security models

  • Design integration architecture across IAM and enterprise tooling (eg identity platforms, ITSM, logging/monitoring)

  • Produce cloud privileged access models for AWS and Azure environments

  • Develop PAM design patterns to support scalable onboarding and automation

  • Deliver data protection & retention models (recording, encryption, compliance)

  • Validate capacity & licensing models (large-scale user and environment growth)

  • Produce full architecture documentation (HLD, LLD, connectivity, identity models)

  • Define automation & onboarding frameworks (CI/CD, deployment patterns)

  • Support operational design, including break-glass access and secret management

  • Establish testing & validation frameworks and success criteria

  • Drive governance approvals (risk, controls, audit, NIST alignment)

  • Deliver implementation roadmap and phased rollout approach

  • Define coexistence/migration strategy from legacy PAM solutions

Required Skills & Experience:

  • Proven experience as a PAM Architect/Lead IAM Architect on enterprise programmes

  • Strong expertise in CyberArk (preferably SaaS/Privilege Cloud)

  • Experience designing JIT access models, session management, and privileged access controls

  • Deep understanding of cloud platforms (AWS & Azure) and privileged access patterns

  • Strong integration experience across:

    • Identity platforms (eg Entra ID, SailPoint)

    • ITSM tooling (eg ServiceNow)

    • Monitoring/logging platforms (eg Splunk, Datadog)

  • Experience producing enterprise architecture artefacts (HLD/LLD, design packs)

  • Knowledge of security frameworks & controls (eg NIST, governance, audit)

  • Experience in large-scale environments (10k+ users, multi-cloud, global estates)

  • Strong stakeholder engagement across security, architecture, and operations teams