IAM Specialist-PKI and Key Management Operations

At EY, we’re all in to shape your future with confidence. 

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. 

Join EY and help to build a better working world. 

IAM Specialist-PKI & Key Management Operations

Today’s world is fueled by vast amounts of information, which means that data is even more valuable than ever before. Protecting data and information systems is central to doing business, and therefore everyone in EY Information Security has an important role to play. Join a global team of almost 900 people who collaborate to support the business of EY by protecting EY and client information assets! Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond when things go wrong. Together, the efforts of our dedicated team help protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology service solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through secure solutions and information systems.

The opportunity

Identity and Access Management (IAM) organization, a part of Information Security which, enables over 330,000 individuals across 140+ countries to access systems and information securely. As a member of the Identity and Access Management (IAM) team this position will contribute towards execution of an IAM roadmap that meets security requirements, including but not limited to security for, a complex Active Directory (AD) environment, hybrid cloud deployment, mobile computing, policy driven security, SSO, identity lifecycle management, and federation focusing on multiple protocols.

We offer opportunities to develop new skills and progress your career receiving support, coaching and feedback from colleagues around the world. This role will give you an opportunity to work with some of the best talent in the industry!

Your key responsibilities

• Manage L3 Incidents, Service Requests and problems related to affected services
• Manage and maintain Public Key Infrastructure Document PKI and certificate management guidance for the company
• Responsible for infrastructure design and the planning and implementation of changes within the environment
• Sponsor changes to the infrastructure needed to support new and evolving services, technologies, and applications
• KPI analysis to identify patterns and trends and drive performance improvement
• Benchmarking, productivity, and quality control
• Ownership of process engineering and operational improvement initiatives including automation tooling
• Provide first line support to internal clients and member organization on EKMS.
• Support EKMS onboarding and offboarding processes for both cloud and on-premises applications
• Provide operational support and triage on HSM and EKMS during incident response.
• Support Azure Managed HSM (MHSM) onboarding operations as it relates to applications requiring TLS offloading.
• Under the supervision of EKMS Engineering, support the Firm’s day-to-day operations as it relates to on-premises applications requiring TLS offloading.
• Implement operational improvements as it relates to enterprise key management and HSM support.
• Maintain and update the enterprise key management documentation to support new business requirements.
• Support HSMs operations as it relates to Nginx and Windows Internet Information Services.
• Provide Level 1 and 2 support to end user related on key management which has a direct impact of the Recovery Time Objective (RTO).
• Escalate advance key management issues which has a direct impact on service delivery to EKMS Engineers or Vendors where necessary
• Maintain the operations runbook for HSM and EKMS deployments.
• Root cause analysis and service improvement solutions
• Provide cost-efficient, stable operations for the platforms and services in scope
• Align risk and control processes into day to day responsibilities to monitor and mitigate risk; escalates appropriately
• Produce accurate, brief and clearly written documents tailored to audience needs and expectations
• Flexibility to work in a 24*7 support structure.

Skills and attributes for success

• Excellent problem-solving skills
• Strong verbal and written skills to interact with global teams and customers
• Keep up on current technologies and maintain awareness of industry trends and threats, focusing on PKI technologies.
• Tangible, relevant, and demonstrable experience with PKI and specifically Microsoft PKI technology, integration with platforms and applications, and working with clients.
• Perform analysis of metrics for the purpose of making decisions around staffing, capacity, and processes.
• Experience in Key Management Operations related to Key Generation, Storage, Distribution, Rotation, Revocation and Destruction.
• Experience with at least one enterprise key management systems as well as cloud-based key management services.
• Operational experience working with two or more of the following protocols: TLS, PKI, HSMs, KMIP, Digital Certificate Management, Azure Key Vault, or transparent database encryption.
• Basic experience with FIPS 140-2 Level 3 compliance requirements and implementation.

To qualify for the role, you must have

• Degree in Computer Science or related field or equivalent work experience
• Fluent in English language – written and verbal
• Minimum of 5 years of experience with Public Key Infrastructure (PKI)
• Experience with key PKI technologies such as Microsoft Active Directory Certificate Services including Certificate Authority, NDES, and OCSP and HSMs
• 2 years’ experience in enterprise key management, HSM configuration, application layer encryption, and transparent data encryption.
• Understanding of digital certificate lifecycle management functions
• Broad understanding of the available PKI vendors and technologies offering technical solutions in the market
• Experience with case management tool, ideally ServiceNow

Ideally, you’ll also have

• Ability to plan, estimate, and deliver work independently.
• Solid understanding of change management processes and software suites
• Knowledge of enterprise authentication and web security

What we look for

We’re looking for a teammate who can collaborate globally with different regions and cultures with an open mind and a creative approach. Critical thinking and a problem-solving approach are vital traits to be successful in the role. An individual with strong customer service and communication skills.

What we offer

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

• Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
• Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.