|
Strategic Activities
- PAM Architecture & Implementation: Lead the end-to-end design, deployment, and configuration of CyberArk components including EPV (Enterprise Password Vault), CPM (Central Policy Manager), PVWA (Password Vault Web Access), PSM (Privileged Session Manager), PSMP, AIM/AAM, and PTA (Privileged Threat Analytics).
- Onboarding & Safe Management: Manage the onboarding of privileged accounts (Windows, Unix/Linux, databases, network devices, cloud platforms) into CyberArk vaults, configure Safes, platforms, and Master Policy in alignment with organizational security standards.
- Session Management & Monitoring: Configure and manage Privileged Session Manager (PSM) for session recording, monitoring, and auditing of privileged user activity to support forensic investigations and compliance requirements.
- Credential & Secret Management: Implement and maintain CyberArk Application Identity Manager (AIM/AAM) and Secrets Manager for secure application-to-application credential management, eliminating hard-coded credentials.
- Security Policy Enforcement: Define and enforce least-privilege access controls, implement dual-control workflows, enforce password rotation policies, and ensure continuous alignment with CyberArk best practices and vendor recommendations.
- Incident Response & Threat Analytics: Utilize CyberArk PTA to detect, investigate, and respond to anomalous privileged access behaviour; collaborate with the SOC team on PAM-related security incidents.
- Integrations: Integrate CyberArk with enterprise SIEM, ITSM (ServiceNow), Active Directory/LDAP, MFA solutions, and ticketing systems to enable automated workflows and centralized visibility.
- Upgrades & Patching: Plan and execute CyberArk component upgrades, patching, and hotfix deployments with minimal operational disruption, following change management processes.
- Compliance & Audit Support: Produce evidence, reports, and documentation to satisfy internal and external audits (ISO 27001, SOC 2, PCI-DSS, NIST, etc.) related to privileged access management.
- Documentation & Knowledge Sharing: Maintain comprehensive technical documentation including runbooks, SOP guides, architecture diagrams, and training materials; mentor junior team members on PAM concepts and CyberArk tooling.
Any other additional responsibility could be assigned to the role holder from time to time as a standalone project or regular work. The same would be suitably represented in the Primary responsibilities and agreed between the incumbent, reporting officer and HR.
|
