CyberArk Technical Analyst
Function: Technology Location:
LDS, GB
Work Arrangement: Hybrid
Position Title: CyberArk Technical Analyst
Location: Remote/Hybrid
Reports to: Head of Identity & Access Management
ABOUT THE WELLA COMPANY
Together, WEenable individuals to look, feel, and be their true selves.
THE ROLE
At Wella IT, we partner with every part of the company, enabling effective and efficient business operations. in an international, multi-divisional environment.
Our main objective is to enable our business value through IT, following key operating principles:
1. Value for money – we strive for solutions and decisions that ensure our IT spend delivers value for money, i.e. we look to re-use, buy then build.
2. Speed and Agility – we embrace change and deliver agile solutions to reduce cost of change and respond quickly to business needs, e.g. maximize use of API without need to redesign.
3. Compliance – Our solutions will ensure ongoing regulatory and legal compliance to minimize business exposure to risk, i.e. security, data access, GDPR.
4. IT Operations – we ensure business operations are within agreed risks and costs parameters, i.e. Platform availability, solutions operation, disaster recovery.
We are currently recruiting an experienced CyberArk Technical Analyst who will provide thought leadership and design assurance for our CyberArk platform and privileged access management (PAM) services. The analyst will ensure a seamless and secure privileged access experience, working closely with application leads, strategic IT vendors, and end user compute teams.
The successful applicant will be experienced in operating within a diverse, global environment, with strong interpersonal skills and confidence engaging both Technical and Business Stakeholders (particularly in managing expectations and communicating clearly), as well as collaborating with globally distributed teams.
The role will drive best practice analysis and architecture/design for project delivery, alongside supporting BAU optimisation, platform hardening, service assurance, and compliance activities. The analyst will contribute to the delivery of CyberArk enhancements, onboarding, and continuous improvement initiatives to meet evolving business and security requirements.
KEY RESPONSIBILITIES
In this role your responsibilities will include:
Requirements and Design Oversight
5. Apply hands-on CyberArk/PAM engineering and operational expertise to support the production of pragmatic, implementable solution designs.
6. Review solution designs and proposed changes to privileged access controls, safes, platforms, policies and integrations to ensure requirements and security standards are met.
7. Engage with Cyber and IT teams to assess impacts/dependencies on CyberArk services.
8. Develop and implement CyberArk standards and usage patterns.
9. Produce key artefacts (functional/non-functional requirements, solution designs, onboarding patterns), or direct vendors on this.
10. Work closely with engineering teams and integration partners to troubleshoot, resolve or escalate issues early, particularly across integrations (e.g. AD, Entra, cloud).
11. Champion least privilege, zero standing access, and vaulting standards across the organisation.
Project Delivery
12. Capture and refine CyberArk-related requirements.
13. Contribute hands-on to project delivery (onboarding, configuration, integration).
14. Communicate effectively with stakeholders, balancing technical depth with business clarity.
15. Ensure solutions remain aligned to requirements through design, build, testing and production rollout.
16. Identify delivery risks and proactively implement mitigations.
Service Assurance & Continuous Improvement
17. Support service communications across Cyber, IT and end-user teams.
18. Build and enhance repeatable onboarding models, automation, and operational tooling for CyberArk adoption at scale.
19. Monitor CyberArk operations against defined controls (e.g. SOX, audit, privileged session management, credential rotation).
20. Ensure effective use, governance and optimisation of CyberArk components (e.g. PVWA, CPM, PSM where applicable).
21. Drive continuous improvement across platform performance, privileged access requirements, and user experience.
Controls & Compliance
22. Operate and enhance PAM policies, standards and control frameworks, acting as an SME for CyberArk-related controls.
23. Work with risk and control owners to identify and manage privileged access risks and toxic combinations.
24. Partner with application and service owners to ensure privileged access is onboarded, governed and compliant.
25. Support access reviews and recertification processes for privileged accounts.
26. Act as a key contact for internal/external audit, driving timely remediation of PAM-related findings.
ESSENTIAL SKILLS, EXPERIENCE & QUALIFICATIONS
27. Strong knowledge of CyberArk architecture, components, and security model (e.g. PVWA, CPM, PSM, Safes, Platforms), with understanding of underlying AD/Entra and infrastructure dependencies.
28. Experience with PAM-focused business analysis, including privileged access use cases, onboarding requirements, and control design.
29. Proven experience integrating CyberArk with enterprise systems (e.g. AD, Entra ID, cloud platforms, servers, databases, DevOps tools) to deliver privileged access management capabilities.
30. Strong business analysis skills, including requirements gathering, process mapping, and translating security needs into practical PAM solutions.
31. Excellent analytical and problem-solving skills, with the ability to diagnose complex privileged access and integration issues.
32. Strong communication skills.
33. Demonstrated ability to build effective relationships across engineering, security, and business teams.
34. Ability to work within structured delivery frameworks (Agile/Waterfall), while maintaining a pragmatic, delivery-focused mindset.
35. Familiarity with quality assurance and secure configuration practices for PAM platforms.
36. Relevant certifications preferred (e.g. CyberArk Defender/Sentry, or equivalent PAM/security certifications).
EDUCATIONAL BACKGROUND
37. Higher education (University degree) with an orientation in business / technology related fields
PROFESSIONAL EXPERIENCE
38. 7+ years professional experience in security and directory-related services.
39. Experience with CyberArk, ideally also AD/Azure and Sailpoint IGA.
40. Appreciation of SAP role design best practice and constraints.
41. Previous exposure to delivery & operations across PAM & IAM.
42. Knowledge of industry best practices and standards.
43. Experience of implementing robust control policies and procedures.
44. Strong understanding of privileged access principles, security frameworks, and compliance regulations.
45. Experience supporting audit activities.
MAJOR SKILLS AND COMPETENCIES
46. Strong team skills and MUST have a proactive / can do attitude.
47. Strong communication and problem-solving skills, ability to get buy in at all levels.
48. Ability to challenge, understand the perspectives of others and demonstrate active listening.
49. Can work independently and as part of a team in a fast-paced, dynamic environment.
50. Track record of driving change whilst ensuring alignment at every stage.
51. Excellent communication, presentation, and interpersonal skills, effectively collaborating with diverse stakeholders.
52. Ability to collect data and report blocking points.
53. Issue resolution and value realisation oriented.
WHAT WE OFFER
54. 25 days holiday + additional day off for your birthday (not including bank holidays)
55. 3 days’ personal leave for your own signification life events
56. 2 paid days off for volunteering/charity work
57. Optional Wella Pension Scheme (8% employer contribution, 3% employee contribution)
58. Optional Family Private Medical Insurance Cover
59. Income Protection
60. Life Insurance (8x base salary up to 2 million payable in the event of your death in service of Wella)
61. Staff Discount (80% of all hair products, 40% OPI, 1 x 50% ghd)
62. EAP (Employee Assistance Program)
63. Enhanced maternity, paternity, and adoption leave
64. Gym Benefits
65. Eye Tests
66. WOW Program (Bonus following exit from KKR, eligible after successful probation. For permanent employees only)
67. Workplace/Nursery Benefits
68. 4 weeks working remotely abroad
69. Early Friday Finish during Summer