Qureos

Find The RightJob.

IAM / PAM Design Expert - Riyadh, KSA

The IAM/PAM Consultant is responsible for designing, assessing, and improving identity and access control frameworks, with a focused emphasis on privileged access management. This role defines the target-state architecture for both IAM and PAM environments and drives the implementation of secure, compliant, and operationally sound access practices across the organization.

Key Responsibilities

  • Architecture & Design
    • Design the target-state architecture for Identity & Access Management (IAM) and Privileged Access Management (PAM), with particular focus on high-risk privileged access scenarios.
    • Define onboarding standards and integration requirements across directory services, MFA, and Single Sign-On (SSO) platforms, including end-to-end access lifecycle processes.
  • Privileged Access Operations
    • Establish operational baselines for privileged access governance, covering password and key vaulting, credential rotation, approval workflows, session control and recording, and emergency "break-glass" access procedures.
    • Define a secure approach for third-party and OEM privileged access, including vendor remote access controls and governance frameworks.
  • Assessment & Compliance
    • Assess current IAM/PAM configurations against industry best practices and NCA ECC (Essential Cybersecurity Controls) requirements.
    • Identify gaps and deliver clear, prioritized remediation actions with practical implementation guidance.
  • Monitoring & SOC Integration
    • Define monitoring requirements and alert use-cases for integration with SOC/SIEM platforms, including detection of privileged misuse, anomalous access patterns, and high-risk behavior indicators.
  • Documentation & Knowledge Transfer
    • Produce comprehensive configuration guides, Standard Operating Procedures (SOPs), and technical documentation for IT and security teams.
    • Deliver structured training and knowledge transfer sessions to ensure operational teams can sustain and manage the implemented controls.

Requirements
  • Proven experience in IAM/PAM design and implementation within enterprise environments.
  • Hands-on experience with leading PAM platforms (e.g., CyberArk, BeyondTrust, Delinea/Thycotic).
  • Strong understanding of directory services (Active Directory, LDAP), MFA solutions, and SSO protocols (SAML, OAuth, OIDC).
  • Familiarity with NCA ECC and regional cybersecurity compliance frameworks.
  • Experience integrating PAM monitoring with SIEM/SOC environments.
  • Ability to produce clear technical documentation and deliver knowledge transfer to diverse audiences.

© 2026 Qureos. All rights reserved.