Optomi
Security Architect (PKI/Key Management)
Optomi, Dallas, Texas, United States, 75215
Security Architect (PKI/Key Management) - Hybrid in Dallas, TX OR Tampa, FL (Direct-hire/FTE)

Optomi, in partnership with a client in the financial services space, is looking to add a Security Architect to their growing team. The Security Architect over PKI & Secrets Security is responsible for comprehensive review of the existing public key infrastructure and secrets management capabilities for on-premises, client, and cloud. The PKI Security Architect will inspire changes in existing control standards, create new IT security standards that are easily consumed by stakeholders, build specific security patterns & diagrams, and own the roadmap. This role is looking for someone who is comfortable working in a hybrid setting with 2-3 days per week in office.

Responsibilities:
- Create and drive the internal and client PKI security and secrets management capability roadmap within IT.
- Inspire change of control policies with IT Risk Management.
- Create IT security standards and drive best practices.
- Own the enterprise-wide PKI architecture, including HSMs (Hardware Security Modules), CAs (Certificate Authorities), and CLM (Certificate Lifecycle Management).
- Proactively identify access management gaps and partner with app dev teams for remediation.
- Design processes and workflows for generating, rotating, and revoking certificates.
- Identify automation opportunities for the certificate lifecycle.
- Act as the domain specialist to help guide and craft how certificate management services are enabled.
- Design new certificate management services, integrations, and technologies.
- Mentor junior security architects to improve their security and architecture skills within the team.
- Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
- Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; call out appropriately.

Qualifications:
- MAIN: Experience with KeyVault, IAM, secrets management, and SSL certificate management concepts, processes, and solution management, and experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS).
- Bachelor's degree and/or equivalent experience.
- Minimum of 8 years of related experience.
- Strong Information Security experience, specifically in PKI/Cryptography (on premise and cloud) & Secrets management.
- In-depth knowledge of Certificate Lifecycle Management, including certificate revocation list (CRL) standard processes.
- Hands-on experience with 2 vendors such as: Venafi, Hashicorp, Microsoft, Thales, Gemalto (SafeNet HSM), DigiCert, Hitachi (HiPAM).
- Expertise with Online Certificate Status Protocol (OCSP) infrastructure, Hardware Security Modules (HSM), CMS Enterprise, Venafi Trust Protection Platform, and Venafi TrustNet software suites.
- Experience with Information Security frameworks (e.g. ISO 27001 and NIST) & security architecture frameworks.
- Deep technical writing skills to support required documentation.
- Demonstrated ability to collaborate between product management, engineering, risk, and IT teams.
- Good communication skills, with the ability to communicate in front of a large audience.