Qualifications Required: + Bachelor's degree in Cybersecurity, Information Security, Engineering, Computer Science, Information Technology or related field + 7+ years of professional experience within data protection and information security, which may include Data Discovery, Data Classification and Rights Management, Data Access Governance, Data Loss Prevention, Cloud Access Security Broker, Encryption, Certificate Lifecycle Management, Cloud Security, SaaS Security + 7+ years with PKI concepts: Deep expertise in PKI architecture and enterprise trust models + 5+ years leading CLM strategy, design, and implementation using platforms such as AppViewX, Venafi, Keyfactor, DigiCert, or similar + Advanced knowledge of cryptography, certificate lifecycle processes, key management, HSM integration, and crypto policy enforcement + Ability to define target-state architecture, integration patterns, and operating models for large-scale environments + Hands-on understanding of certificate automation across load balancers, WAFs, API gateways, Kubernetes, cloud, web/app servers, and network/security infrastructure + Experience leading discovery, inventory rationalization, remediation, renewal automation, and compliance monitoring programs + Strong client leadership skills, including executive stakeholder management, workshop facilitation, roadmap alignment, and decision-making support + Ability to lead technical workstreams, architects, engineers, and offshore/onshore teams + Experience translating business, operational, and security requirements into architecture blueprints and implementation plans + Strong understanding of delivery governance, risk management, dependencies, and quality assurance for enterprise security transformations + Ability to travel 25-50%, on average, based on the work you do and the clients and industries/sectors you serve. + Limited sponsorship may be available Preferred: + Familiarity with crypto-agility strategies and post-quantum cryptography readiness + Knowledge of adjacent domains such as IAM, PAM, secrets management, zero trust, and machine identity management + Experience with DevSecOps integration, CI/CD pipeline enablement, and API-driven automation + Working knowledge of Python, PowerShell, Bash, REST APIs, or infrastructure automation patterns + Understanding of cloud-native certificate and key services in AWS, Azure, and GCP + Awareness of regulatory, audit, and policy requirements impacting cryptographic controls + Experience with operating model design, service transition, and support model definition + Ability to support business development, solutioning, estimation, staffing, and proposal writing + Strong mentoring capability for junior practitioners and emerging technical leads + Comfort with executive-level reporting, issue escalation, and steering committee discussions The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.