IAM & PAM Lead Analyst at Apex Group

The Role:

• The IAM & PAM Lead Analyst is a key position within the Information Security function, responsible for leading the strategy, implementation, and ongoing management of Apex’s Identity & Privileged Access Management (IAM & PAM) frameworks.
• This role covers both user identity lifecycle and privileged access governance across the organization.
• It will report directly to the Identity & Privileged Access Manager and work closely with global stakeholders in IT, Security, Risk, and Compliance.

Key duties and responsibilities:

Identity & Access Management (IAM)

• Lead operational IAM activities, including joiner-mover-leaver processes, access provisioning, role-based access control (RBAC), and periodic access reviews.
• Collaborate with IT and HR systems to ensure alignment and automation of identity lifecycle workflows.
• Participate in IAM governance efforts and help design access policies and controls for both enterprise and cloud applications.
• Support continuous improvement and maturity of IAM processes and tools.

Privileged Access Management (PAM)

• Oversee the privileged access lifecycle for critical systems, including administration of Apex’s enterprise PAM solution (CyberArk).
• Drive the global implementation and optimisation of PAM tools, controls, and automation.
• Maintain the integrity of privileged access processes including provisioning, session monitoring, credential management, and access certifications.
• Identify, assess, and remediate risks associated with privileged access.
• Lead audits and compliance reviews related to privileged and elevated access.
• Create and maintain PAM policies, standards, and operational documentation.
• Provide guidance and mentorship to regional teams and end-users on PAM best practices.

Experience and Knowledge:

• 5–8 years of experience in Identity and Access Management, with a strong focus on Privileged Access Management.
• Deep understanding of IAM/PAM principles, role-based access control, authentication methods, and zero-trust architecture.
• Demonstrated expertise with CyberArk.
• Experience leading PAM deployments in large, complex environments.
• Strong familiarity with Active Directory, Azure AD, LDAP, SAML, OAuth, and cloud access management.
• Experience in the financial services or highly regulated industry is a strong advantage.
• Strong stakeholder engagement skills, including experience working across IT, InfoSec, and business teams.
• High attention to detail, well-organised, and effective at managing competing priorities.
• Excellent verbal and written communication skills in English.
• CyberArk Defender, CyberArk Sentry or relevant certifications such as CISSP, CISM and CIAM will be encouraged.