IAM & PKI Tech Specialist

A critical cybersecurity Tech Specialist role responsible for the design, implementation, and operational excellence of enterprise-wide Identity & Access Management (IAM) and Public Key Infrastructure (PKI) systems. This role will ensure secure, compliant, and efficient identity services across global environments, with a focus on Active Directory (AD), Azure AD, CyberArk, SailPoint and PKI.

Key Responsibilities

1. Identity & Access Management Platform
   1. Define authentication and authorization reference architectures for existing and emerging IAM technologies.
   2. Drive global adoption of IAM standards across all IT systems.
   3. Enforce Garrett Cybersecurity Controls including access management, encryption, and logging within IAM reference architectures.
   4. Design and implement IAM solutions for both on-premise and cloud environments, ensuring scalability, reusability, and alignment with strategic business goals.
   5. Align IAM policies and standards with industry best practices and cloud adoption strategies.
   6. Champion identity solutions for digital transformation initiatives such as Data Lakes, eCommerce, and Factory Digitization
2. Privileged Account Management
   1. Design and deploy a Privileged Access Management (PAM) program to secure high-privilege accounts across global infrastructure.
   2. Onboard SOX-critical applications to CyberArk, ensuring ITGC compliance by design.
   3. Implement password vaulting for administrative accounts across all onboarded systems.
   4. Define a roadmap for elevated privilege management using the CIA triad (Confidentiality, Integrity, Availability).
   5. Develop and globally publish standards and controls for privileged access management.
3.  Single Sing-on and Access Governance
   1. Design and implement a unified second-factor authentication platform integrated with Garrett’s diverse technology stack.
   2. Architect secure Single Sign-On (SSO) systems resilient to common cyberattack techniques.
   3. Drive least privilege access control and implement automated access governance across the organization.
   4. Enhance the digital workspace experience with secure, seamless, and password-less authentication using Kerberos, certificates, and Windows Hello.
   5. Promote global collaboration by advancing technical security configuration architecture.
4. PKI
   1. Design, implement, and manage enterprise-wide PKI services to support secure communications, authentication, and data integrity.
   2. Oversee certificate lifecycle management, including issuance, renewal, revocation, and monitoring.
   3. Integrate PKI with device authentication, SSO, VPN, email encryption, and code signing.
   4. Ensure PKI systems meet compliance and audit requirements (e.g., NIST, ISO 27001).
   5. Collaborate with security and infrastructure teams to ensure high availability and scalability of PKI services.
   6. Evaluate and implement hardware security modules (HSMs) and cloud-based PKI solutions as needed.

5. Differentiated technology

   1. Research contemporary identity protection technologies, including Blockchain-based Identity Management.
   2. Define and execute a roadmap for decentralized identity services.
   3. Deploy risk-based dynamic access control using AI/ML-driven risk scoring to mitigate identity threats.
   4. Evaluate and implement device-based authentication to enhance endpoint-aware access validation.

    

 Education / Qualifications 

Bachelor’s degree in Information Technology or related discipline 

 

Experience

• 8-10 years of IT experience and 6 years of Identity Management. 
• Must have delivered 2 years as a senior technical specialist or technical lead supporting IAM/PKI platforms like AD, Azure AD, CyberArk, SailPoint and PKI.

 

Key Skills and Knowledge

1. Proficient in Active Directory, Azure AD, and PKI services.
2. Experience with SSO and MFA tools like Microsoft Hello, MFA, conditional access and identity protection. 
3. Hands-on experience with IAM platforms e.g. CyberArk, SailPoint for PAM, provisioning, and user lifecycle.
4. Familiarity with global security regulations, risk assessments, and compliance.
5. Skilled in service design, problem-solving, and operational execution.
6. Ability to translate business issues/requirements and objectives into action plans.
7. Strong leadership, interpersonal and communication skills (written and oral) with the ability to communicate at all organizational levels.
8. Ability to translate business issues/requirements and objectives into action plans.
9. Ability to promote strong teamwork in a global/regional operational support model.
10. Proficiency in performing risk, business impact, control, and vulnerability assessments using manual or automated tools.
11. Organized, responsive, and highly thorough problem solver.
12. Executing Service Design and implementation.

Garrett is a cutting-edge technology leader delivering differentiated solutions for emission reduction and energy efficiency. We are passionate about innovating for mobility and beyond. With a nearly 70-year legacy, we serve customer worldwide with passenger vehicle, commercial vehicle, aftermarket replacement, and performance enhancement solutions.