PKI Project Manager - Insurance
We are currently recruiting for a Project Manager with PKI project experience to join one of our Global Insurance Clients on a 6-month contract.
Please note this role is Inside IR35.
January 2025 start and Hybrid working with 2 days in London.
Responsibilities:
Work with the PKIaaS vendor's professional services and colleagues to:
- Develop a RACI, detailing the shared responsibility between the SaaS vendor and areas of responsibility.
- Aid in determining the need for an owned Certificate Policy (CP) and Certificate Practice Statement (CPS), or whether leveraging the SaaS provider's will suffice. If the former, aid in its development.
- Provide best-practice advice in determining the CA infrastructure hierarchy, taking account of multiple tenants in Azure, as well as multi-cloud services in AWS and OCI.
- Work with colleagues and the PKIaaS vendor to write the remote Root key generation (RKG) ceremony scripts, using a shared/split key model, and test the RKG at the DR site.
- Develop a set of controls and standard operational procedures for the secure implementation, integration, and management of the PKI certificate authorities and certificate lifecycle management services, to meet Standards and Control Objectives.
- Develop an appropriate RBAC model, ensuring implementation of a least-privilege access model and the appropriate Separation of Duties and dual control for key CA and CLM operations. Work with IAM teams to define and ensure creation of the appropriate groups and entitlement access packages within Entra ID.
- Documented integration for key infrastructure for certificate issuance/lifecycle management.
- Produce a technical design of the PKIaaS, CLM and licensed features such as SSH certificates.
- Define and create IaC templates that can be used by technology teams to facilitate the integration of the PKI and certificate lifecycle management with cloud-deployed resources (Azure, AWS, OCI).
- Work with Security Defense team to identify security relevant alerts. Additional infrastructure elements (e.g. discovery scanners, CRL/OCSP) that need to be logged and alerted should be identified, including relevant events, to ensure critical components are monitored.
Skills and Experience Requirements
- Work with management to agree priorities, detailed deliverables, and ensure successful delivery.
- Provide a lead architecture/engineer resource, to manage backlog of partner deliverables and deliver to requirements.
- Provide skilled resources, as appropriate, to ensure success of deliverables.
- For the delivery of operating procedures and controls, resources will have experience of modern PKI CAs and CLM operating practices, processes and compliance requirements.
- Alongside the experience/skills listed below, the partner's resources will have experience of working with development teams, IaC, using modern agile ways of working and a wide range of DevOps tooling.
- At least, but not limited to, the following experience/skills in integrating PKI CA and CLM services and protocols with:
  - Cloud Service Provider resources - Azure (majority of cloud workload), AWS and OCI. This includes integration with cloud native vaults in Azure, AWS, and OCI, as well as HashiCorp Vault.
  - Services and protocols: SCEP, ACME, EST, OCSP and CRL, KMIP, CMPv2
  - Certificate file formats: PEM, DER, PFX/PKCS#12, PKCS#7, PKCS#10, PKCS#11
If this role is of interest to you or you would like to learn more, please apply now!
Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.