Global PKI and Secrets Management

Job Description Summary

The Global PKI and Secrets Management Lead is responsible for designing, implementing, and maintaining the organization’s Public Key Infrastructure (PKI) and secrets management systems. This role ensures the secure storage, access, and management of sensitive credentials and cryptographic keys across all environments.

 

Job Description

Major Accountabilities (Describe the main results of the job to be achieved)

• Lead and deliver the design, engineering, and implementation of PKI and Secrets management including but not limited to:
  • Establish and enforce policies for managing secrets, such as passwords, API keys, and encryption keys, to ensure they are stored, accessed, and rotated securely.
  • Implement and maintain a centralized secrets management system to consolidate and secure all secrets across various environments and platforms.
  • Automate the rotation and management of secrets to minimize human error and ensure seamless integration with development pipelines and cloud services1.
  • Enforce the principle of least privilege by ensuring that only authorized users and systems have access to secrets, reducing the risk of unauthorized access.
  • Continuously monitor the use of secrets and conduct regular audits to detect and respond to any unauthorized access or anomalies.
  • Work closely with various teams, including DevOps, security operations, and application development, to ensure best practices are followed and provide training on secure secrets management.
  • Ensure that secrets management practices comply with relevant regulations and standards, and manage risks associated with the exposure of sensitive information1.
  • Make strategic design decisions related to solution design
  • Maintain PKI infrastructure and functionalities by considering latest security trends into the key design and storage strategy, ensuring a future-proof setup
  • Ensure High availability and scalability of solutions
  • Define and Implement Break glass and disaster recovery processes
  • Integrate PAM and PKI solutions with broader IAM and IT interfaces such as
• Conduct internal assessments and analyse the results at least once each year about the 'health check' of the Secrets and PKI solutions
• Participate in vendor selection, Contract negotiation with technology vendors and service providers
• Responsible to maintain and transition the design and configuration changes to operations team
• Act as escalation point for major incidents and guide operations team in resolving active incidents
• Clearly and confidently communicate technical concepts and risks to senior decision-makers across the organization

Ideal Background (State the minimum and desirable education and experience level)

Education:

• University degree or equivalent experience in computer science, engineering or information technology or another relevant field

• Certification or accreditation in Information Security (CISM, CISA, CISSP, MS Azure, ITIL, etc.)

Languages:            

• Fluent in written and spoken English

Experience and Skills:                              

• Minimum of 8+ years in IT security roles, with a significant portion dedicated to PKI and secrets management1.
• Experience in roles such as PKI Engineer, Security Engineer, or Systems Administrator with a focus on cryptography and key management.
• In-depth knowledge of PKI concepts, digital certificates, encryption algorithms, and key management practices.
• Strong understanding of cryptographic principles and practices, including the use of hardware security modules (HSMs) and secure programming.
• Experience with automation tools and scripting languages (e.g., PowerShell, Python) to streamline PKI and secrets management processes.
• Excellent verbal and written communication skills to effectively collaborate with technical and non-technical stakeholders.
• Strong analytical and problem-solving skills to address complex security challenges.
• Ability to lead and mentor junior team members, manage projects, and drive security initiatives.

 

Skills Desired