The Role
As an Access Management Delivery Lead. You will be responsible for the day‑to‑day delivery and
stability of IAM and PKI services across the enterprise. This includes overseeing user lifecycle
management, access provisioning and de‑provisioning, privileged access operations, authentication services and digital certificate lifecycle in line with defined SLAs and security standards. You will work closely with service desks, different application owners, infrastructure teams, security stakeholders and customer Access Management team to ensure timely access delivery, issue resolution, and minimal service disruption.
Key responsibilities:
* Act as a key operational contact within the Access Management Delivery, owning IAM and PKI service delivery for customer delivery tower
* Lead and assure operational adoption of cloud‑first and Zero Trust principles, including certificate‑based identity and trust models
* Oversee and support delivery of core IAM capabilities, including:
o Conditional Access policies
o Authentication services (MFA, SSO, application onboarding)
o Joiner, Mover, Leaver (JML) lifecycle processes
o User and entitlement provisioning and de‑provisioning
o Access request and approval workflows
o Privileged Access Management (PAM)
o Access governance, certifications, and periodic access reviews
o Role‑Based Access Control (RBAC)
o Management of internal, external, B2B, and B2C identities
* Own and manage PKI and certificate services operations, including:
o Certificate issuance, renewal, rotation, and revocation
o Management of internal and external Certificate Authorities (CAs)
o TLS/SSL certificates for applications, infrastructure, APIs, and services
o Integration of certificates with authentication, device trust, and application security
o Certificate lifecycle monitoring and proactive expiry management
o Compliance with cryptographic standards, policies, and audit requirements
* Collaborate with SOC, Cloud, Application, Network, and Platform teams to resolve IAM and PKI‑related incidents and service issues
* Lead and manage IAM and PKI service requests, incidents, and changes in line with ITIL processes and SLAs
* Track and assure delivery of IAM and PKI initiatives from an operational readiness and stability perspective
* Create and maintain IAM and PKI operational documentation, including SOPs, runbooks, lifecycle processes, and support models
* Develop and maintain IAM and PKI policies, standards, and control procedures aligned with organizational governance.
* Guide and manage the IAM & PKI BAU team working on Entra ID, SailPoint and Digital Certificate Lifecycle Management tools stack (onsite/offshore)
Your Profile
Essential skills/knowledge/experience:
* Strong experience providing IAM and PKI operational guidance, assurance, and hands‑on delivery across enterprise and cloud environments
* Proven customer‑centric mindset, ensuring identity, access, and certificate services are secure, reliable, and compliant with business and regulatory needs
* Acts as an operational SME and escalation point for IAM and PKI services within the security function
* Solid technical expertise across Microsoft identity platforms and certificate technologies (Azure AD / Entra ID, Active Directory Certificate Services, GlobalSign, Azure Key Vault, SailPoint)
* Practical experience implementing cloud‑first and Zero Trust principles, including certificate‑based authentication and device trust models
* Strong capability in identifying IAM and PKI risks, control gaps, certificate lifecycle issues, and non‑compliances, with implementation of mitigating controls
* Hands‑on experience with authentication services including SSO, MFA, certificate‑based authentication, and enterprise / bespoke application integrations
* High attention to detail, particularly across access provisioning, certificate issuance, renewals, rotations, and revocations
* Clear communicator, able to translate IAM and PKI concepts into business‑appropriate language
* Good working knowledge of ITIL service management (Incident, Change, Request, Problem)
* Awareness of governance frameworks and standards such as ISO/IEC 27001, NIST, COBIT, and ITIL
* Understanding of regulatory and compliance requirements impacting IAM and PKI (e.g. GDPR, PCI‑DSS, PII)
Desirable Certification:
* AZ‑900 – Microsoft Azure Fundamentals
* SC‑300 – Microsoft Identity and Access Administrator
* SailPoint Identity Security Leader
* SC‑100 – Cybersecurity Architect
* AZ‑500 – Azure Security Engineer
* CISSP