The IAM/PAM Consultant is responsible for designing, assessing, and improving identity and access control frameworks, with a focused emphasis on privileged access management. This role defines the target-state architecture for both IAM and PAM environments and drives the implementation of secure, compliant, and operationally sound access practices across the organization.
Key Responsibilities
-
Architecture & Design
-
Design the target-state architecture for Identity & Access Management (IAM) and Privileged Access Management (PAM), with particular focus on high-risk privileged access scenarios.
-
Define onboarding standards and integration requirements across directory services, MFA, and Single Sign-On (SSO) platforms, including end-to-end access lifecycle processes.
-
Privileged Access Operations
-
Establish operational baselines for privileged access governance, covering password and key vaulting, credential rotation, approval workflows, session control and recording, and emergency "break-glass" access procedures.
-
Define a secure approach for third-party and OEM privileged access, including vendor remote access controls and governance frameworks.
-
Assessment & Compliance
-
Assess current IAM/PAM configurations against industry best practices and NCA ECC (Essential Cybersecurity Controls) requirements.
-
Identify gaps and deliver clear, prioritized remediation actions with practical implementation guidance.
-
Monitoring & SOC Integration
-
Define monitoring requirements and alert use-cases for integration with SOC/SIEM platforms, including detection of privileged misuse, anomalous access patterns, and high-risk behavior indicators.
-
Documentation & Knowledge Transfer
-
Produce comprehensive configuration guides, Standard Operating Procedures (SOPs), and technical documentation for IT and security teams.
-
Deliver structured training and knowledge transfer sessions to ensure operational teams can sustain and manage the implemented controls.
Requirements-
Proven experience in IAM/PAM design and implementation within enterprise environments.
-
Hands-on experience with leading PAM platforms (e.g., CyberArk, BeyondTrust, Delinea/Thycotic).
-
Strong understanding of directory services (Active Directory, LDAP), MFA solutions, and SSO protocols (SAML, OAuth, OIDC).
-
Familiarity with NCA ECC and regional cybersecurity compliance frameworks.
-
Experience integrating PAM monitoring with SIEM/SOC environments.
-
Ability to produce clear technical documentation and deliver knowledge transfer to diverse audiences.