Senior Lead IAM Keychain Operations

Job Description (JD): Senior Lead IAM Keychain Operations

Role Summary

The Senior Lead IAM Keychain Operations will own and lead day-to-day operations for enterprise key and certificate lifecycle management, ensuring secure, reliable, and compliant handling of cryptographic keys, certificates, secrets, and related IAM integrations. This role will drive operational excellence, incident/problem management, automation, and continuous improvement across keychain services supporting critical business applications.

______________

Key Responsibilities

Leadership & Operations Management

Lead the IAM Keychain Operations team, providing direction, coaching, performance management, and workload prioritization.

Own operational KPIs/SLAs/SLOs for key and certificate services (availability, turnaround time, renewal success rate, incident reduction).

Establish and maintain runbooks, SOPs, on-call rotations, and escalation paths.

Key/Certificate Lifecycle & Cryptographic Services

Oversee end-to-end lifecycle management for:

TLS/SSL certificates (issuance, renewal, revocation, rotation)

Encryption/signing keys (generation, storage, rotation, decommissioning)

Secrets management (application secrets, API keys, tokens where applicable)

Ensure secure key handling practices aligned with enterprise standards (HSM-backed keys where required).

Manage integrations with PKI, internal/external CAs, HSMs, KMS platforms, and secret vault technologies.

Security, Risk, and Compliance

Ensure adherence to security policies and regulatory requirements (e.g., PCI-DSS, SOX, ISO 27001, SOC2-based on company context).

Drive periodic access reviews, audit evidence collection, and remediation of findings.

Partner with Security Architecture/GRC teams to implement controls and reduce cryptographic and identity-related risk.

Incident, Problem, and Change Management

Act as escalation lead for major incidents related to certificates, keys, HSM/KMS, or secret vault outages.

Lead root cause analysis (RCA) and implement preventive actions to reduce recurrence.

Govern changes through CAB/Change Management processes, ensuring minimal disruption and strong rollback planning.

Automation & Continuous Improvement

Identify opportunities to automate certificate renewals, key rotations, provisioning workflows, and reporting.

Drive infrastructure-as-code and CI/CD enablement for keychain services.

Improve observability: monitoring, alerting, dashboards, and proactive expiry/rotation notifications.

Stakeholder & Vendor Management

Partner with application teams, platform engineering, cloud teams, and security teams to onboard services and ensure best practices.

Manage vendor relationships (CA providers, HSM vendors, KMS providers) including support escalations and roadmap alignment.

Communicate operational status, risks, and roadmap progress to leadership.

______________

Required Qualifications

8 12+ years in IAM/security operations, platform operations, or security engineering with strong focus on cryptographic services.

Hands-on experience managing certificate lifecycle at scale and preventing certificate expiry incidents.

Strong knowledge of:

PKI concepts (CAs, CRLs/OCSP, certificate chains, mTLS)

Key management practices (rotation, escrow policies, separation of duties)

HSM/KMS/Secrets platforms (enterprise or cloud-based)

Experience leading teams (people management and/or technical leadership).

Strong incident management and RCA experience in production environments.

Experience in Change management(Incident/Problem/Change).

______________

Preferred Qualifications

Experience with cloud KMS services (AWS KMS, Azure Key Vault, Google Cloud Platform KMS) and hybrid enterprise PKI.

Experience with secret management tools (HashiCorp Vault, CyberArk, Azure Key Vault Secrets, etc.).

Scripting/automation skills (Python, PowerShell, Bash) and API-based integrations.

Experience implementing monitoring/alerting for certificate expiry and key rotation compliance.

Security certifications (nice to have): CISSP, CISM, Security+, CCSP, vendor-specific certs.

______________

Key Skills & Competencies

Operational leadership and stakeholder management

Strong risk-based decision making

Ability to translate security requirements into scalable operations

Documentation discipline (runbooks, SOPs, audit evidence)

Automation mindset and continuous improvement orientation