Privileged Access Management Manager

Privileged Access Management Manager

What this role is about?

This role drives the implementation and continuous improvement of identity governance across the enterprise, with a focus on AD/Azure Entra ID and Privileged Access Management (CyberArk). It extends Global Identity Governance and Administration processes into BAU, administers and enhances PAM, aligns configurations with core systems (SAP HR, ServiceNow, Linux), and deploys RBAC/ABAC with automation. The role documents and enforces security controls, promotes a risk-aware security culture, delivers stakeholder training, and provides detailed project plans and status updates to ensure secure, compliant, and efficient access management.

What will you do?

• Lead end‑to‑end security design from project inception to go‑live: capture requirements, design and test application security for Development/Quality/Production, and plan risk‑aligned controls
• Define and maintain baseline security recommendations aligned with best practices, corporate policies, and expert input; support testing and cutover activities
• Ensure high‑quality documentation that bridges business and technical language for application roles and PAM authorizations; curate knowledge base articles and develop/deliver training to drive GIGA principles adoption
• Administer and support AD/Azure Entra ID and PAM (CyberArk); design IGA/PAM role architecture and synchronize with the enterprise landscape; support IAG AD operations
• Build strong business partnerships to promote a risk‑driven security culture; engage stakeholders (e.g., service desk, SAP security, financial controls, IT, markets), resolve design issues, and drive process/role simplification
• Manage project execution within scope: communicate progress, escalate risks/delays, run request–spec–build–test–document cycles, and coordinate on‑site/off‑site/global IT teams
• Establish and operate controls and monitoring: implement PAM rulesets, optimize risk analysis and automated provisioning, keep roles aligned to business processes, and ensure audit readiness

What are we looking for:

• University degree or equivalent
• 3+ years’ experience with standard infrastructure components: AD, Azure EntraID, Windows/Linux/Unix servers, databases and server administration; PAM/IAM/SAP design/architecture experience is a plus; cyber security experience preferred
• Strong IT infrastructure administration understanding; working knowledge of AD/EntraID preferred; PowerShell scripting is a plus
• Working knowledge of PAM (CyberArk) interfaces and ServiceNow preferred; configuration experience in SAP security modules is a plus
• Proven experience planning and executing security/authorization cutover activities for project go‑lives; risk‑oriented mindset
• Detailed knowledge of application/role testing, test procedures, and test scenarios; ITIL working knowledge
• Operational, detail‑oriented, with good interpersonal skills; able to listen and understand end‑user issues
• Effective cross‑functional collaboration with Global Service Desk, Business Technology Support, Development, SAP Basis, Data Center teams; resilient under pressure and in diverse teams
• Preferred certifications/training: IAM, PAM, AD/Azure AD/EntraID administration, Linux, Security certifications (CISM, CISA, CISSP), TOGAF, or other relevant information security certifications
• Good written and spoken English

What are the next steps – Recruitment Process:

Thank you very much for your interest in the role. We will make sure every candidate will receive a reply within 2 weeks after the application deadline.