Overview As a PAM Analyst, within IAM team, the person will be responsible for support and maintenance of PepsiCo Privileged Access solution by keeping upgrades and patches current, troubleshooting and resolving issues with the associated tools & support functions. This role will be an individual contributor role. Responsibilities Provide Ops Support and contribute in the management of PAM Solution as detailed below: Maintain DEV, ITE, and PROD environments Ensure all environments are on the latest stable patches for all layers (application, OS, and Security) Ensure all environments are healthy, accessible, and functional Support hardware and software refreshes/upgrades coordinating with appropriate teams Partner with vendors as appropriate on issues Drive participation in the myPAM onboarding process to ensure privileged accounts are managed appropriately, and password change requests are completed on time Implement/deliver AOP and Function funded initiatives for myPAM areas Identify automation opportunities and gain efficiencies in the myPAM services Account Management Enhance myPAM onboarding and maintenance processes as appropriate Develop/Manage processes to keep myPAM onboarding process/lists evergreen for all sensitive and privileged access for platforms/applications in scope Drive participation in the myPAM onboarding process to ensure privileged accounts are managed appropriately, and password change requests are completed on time Create, manage, maintain quarterly control processes for myPAM area Work with application owners, Controls team, as needed, and ensure myPAM processes are kept up to date Provide account management and remediation services for methodologies such as but not limited to the following: Superuser Account Password Management (SAPM) Application Access Management (AAM) DAP (Dynamic Application Provider – formerly Conjur) Endpoint Protection Manager (EPM) SSH Key Management Privileged Threat Analytics (PTA) Qualifications 8-12 Years of industry experience 5 + years in Privileged Access Management using CyberArk as a Senior Engineer. 8 + years in Identity & Access Management Bachelors in Engineering, Computer Science, Information Security or significant equivalent experience with excellent communication skills and stakeholder management. Experience with developing, planning, and implementing a large scale enterprise-level CyberArk infrastructure, including but not limited to the following components: o Enterprise Password Vault (EPV) o Privileged Session Manager (PSM) o Password Vault Web Access (PVWA) o Central Password Manager (CPM) o Application Access Management (AAM – CP, CCP, and ASCP) o Dynamic Application Provider (DAP) o SSH Key Management o Endpoint Protection Manager (EPM) o Privileged Threat Analytics (PTA) Also, should have good experience in managing the privileged accounts in the cloud. Should have knowledge of CIEM. Knowledge of the following core concepts: o Principle of least privileged access o Principle of revocation of rights o Principle of Just In Time access Experience with PIM governance and compliance, including the following: o Performing Privileged Access Reviews o Compliance Reporting o Access Control Processes