Principal Privileged Access Management (PAM) Lead - CyberArk

Be part of a team that unleashes the power of leading-edge technologies to help improve the health and well-being of those most vulnerable in our country and communities. Working at Gainwell carries its rewards. You'll have an incredible opportunity to grow your career in a company that values work flexibility, learning, and career development. You'll add to your technical credentials and certifications while enjoying a generous, flexible vacation policy and educational assistance. We also have comprehensive leadership and technical development academies to help build your skills and capabilities.

Summary

We're looking for a hands-on PAM leader to own Gainwell's enterprise Privileged Access Management strategy and execution. This role will lead the end-to-end implementation and ongoing evolution of CyberArk across on?prem, cloud (AWS/Azure), and hybrid environments, establish PAM governance and controls, and partner across Infrastructure, Cloud, Identity, and Compliance teams to measurably reduce privileged risk while enabling the business.

Your role in our mission

• Define and lead Gainwell's enterprise Privileged Access Management (PAM) vision, roadmap, and operating model, including policies, standards, processes, and measurable KPIs.
• Establish strong PAM governance through steering committees, risk reviews, and exception handling, and communicate outcomes and risk reduction to executive stakeholders.
• Architect, deploy, and evolve CyberArk across on-prem, cloud (AWS/Azure), and hybrid environments, including Vault/EPV, PVWA, CPM, and PSM.
• Drive phased onboarding of privileged identities, starting with Tier 0 and high-risk accounts and expanding to server, endpoint, and cloud workloads, ensuring stable transition to steady-state operations.
• Implement least-privilege and just-in-time (JIT) access models, privileged elevation and delegation (PEDM), session isolation and auditing, and enterprise secrets management aligned to industry best practices.
• Define and enforce privileged access standards, including safe structures, credential rotation, break-glass procedures, and emergency access controls.
• Build and operate scalable PAM processes for onboarding/offboarding, approvals, periodic access reviews, credential lifecycle management, and incident response for privileged misuse.
• Strengthen regulatory readiness by ensuring auditability and evidence generation aligned to frameworks such as HIPAA, SOC 2, and NIST.
• Partner with Identity, Infrastructure, Cloud, and DevOps teams to integrate PAM into CIEM, ITSM, and automation workflows, reducing standing privileges and hard-coded secrets.
• Enable adoption and long-term success through training programs, stakeholder engagement, and hands-on leadership as the enterprise PAM subject matter expert.
• Manage strategic relationships with CyberArk and delivery partners, ensuring platform alignment, continuous improvement, and measurable value realization.

What we're looking for

• 10+ years of experience in Information Security or Identity, including 5+ years leading enterprise PAM initiatives
• Proven, hands-on experience designing, deploying, and operating CyberArk (Privilege Cloud or PAS on-prem), including Vault/EPV, PVWA, CPM, PSM, session recording, and platform/safe configuration
• Deep expertise in Active Directory/Azure AD, Windows and Linux systems, AWS and Azure environments, and SIEM integrations
• Strong understanding of least privilege, privileged elevation and delegation (PEDM), just-in-time (JIT) access, secrets management, and privileged session isolation
• Demonstrated ability to build and scale security programs, policies, governance models, and KPIs in complex, cross-functional environments
• Excellent communication, leadership, and change-management skills

Preferred qualifications include:

• CyberArk certifications (Defender, Sentry, Guardian, CDE) or equivalent credentials
• Experience transitioning PAM programs from large-scale rollout to steady-state operations
• Familiarity with regulated environments and audit evidence generation (e.g., HIPAA, SOC 2, NIST)
• Automation or scripting experience (PowerShell, Python) to support onboarding and integrations

What you should expect in this role

• Remote work environment
• Opportunities to travel through your work.

The deadline to submit applications for this posting is January 16, 2025.

The pay range for this position is $118,800.00 - $169,700.00 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You'll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits , and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You'll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), age, sexual orientation, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.