PKI ArchitectPKI Architect - Job DescriptionPosition Title: PKI Architect Department: Cybersecurity / Information Security Employment Type: Full-Time Location: On-site Role Summary The PKI Architect is responsible for the strategic design, implementation, and governance of the enterprise Public Key Infrastructure (PKI). This role ensures the confidentiality, integrity, and availability of cryptographic services, certificate life cycle management, and trust frameworks across the organisation. The architect collaborates with cross-functional teams to maintain compliance, operational resilience, and alignment with industry standards. Primary Responsibilities • Enterprise PKI Architecture - Define and maintain PKI architecture, including CA hierarchy, trust models, certificate policies, and security controls. • CA/RA Governance - Oversee Certificate Authority and Registration Authority operations, ensuring secure issuance, renewal, and revocation processes. • Cryptographic Standards Management - Establish and enforce cryptographic policies, key management procedures, algorithm standards, and HSM governance. • Infrastructure Security - Ensure secure deployment of PKI components, including OCSP, CRL distribution, offline root CA protection, and high-availability configurations. • Integration & Enablement - Integrate PKI with enterprise systems such as IAM, TLS/SSL, MDM, IoT, cloud platforms, and internal applications. • Risk, Audit & Compliance - Conduct PKI risk assessments, support internal/external audits, and ensure compliance with NIST, ISO 27001, and regulatory requirements. • Documentation & Policy Development - Develop and maintain CP/CPS documents, architecture diagrams, operational procedures, and governance frameworks. • Incident Response Support - Provide expertise during cryptographic incidents, certificate failures, or trust-related security events. Required Qualifications • Cryptography Expertise - Deep understanding of X.509, PKCS standards, OCSP, CRL, key algorithms, and secure key life cycle management. • PKI Platform Experience - Hands-on experience with enterprise PKI systems, HSMs, CLM tools, and CA/RA operations. • Security Framework Knowledge - Familiarity with NIST 800-53, ISO 27001/2, and cryptographic compliance requirements. • Automation & Scripting - Proficiency in PowerShell, Python, or Shell scripting for PKI automation and operational efficiency. • Bachelor's or Master's degree in Computer Science, Information Security, or a related discipline. Preferred Certifications • CISSP • CISM • CCSP • GIAC Security Certifications • Vendor-specific PKI or HSM certifications Core Competencies • PKI Architecture • Cryptographic Systems • TLS/SSL Protocols • Automation & Scripting • Risk Assessment • Cross-functional Collaboration 3005833