CAREER OPPORTUNITY
Title: Secrets Manager
Work type: Contract – 6 months
Seniority level: Management
Work Location: Barbados (Remote work possible)
Position Description:
The Secrets Manager is responsible for the end-to-end governance of the organisation’s cryptographic identity. The Secrets Manager leads the implementation of modern secrets management practices, with emphasis on Certificate Lifecycle Management (CLM) and Enterprise Key Management (EKM) to protect sensitive credentials across on-premise, cloud, and hybrid environments.
Main responsibilities of the role:
Secrets Management Cryptographic Strategy and Governance
- Develop and implement a secrets management strategy and framework aligned with security objectives and with global security standards (NIST, FIPS).
- Define secrets classification, handling requirements and protection requirements for asymmetric/symmetric keys and digital certificates.
- Assess current practices and establish the roadmap for Public Key Infrastructure (PKI) maturity, moving from manual processes to automated issuance and renewal.
Secrets Vault, KMS & HSM Architecture
- Lead the selection, configuration, and maintenance of Hardware Security Modules (HSMs) and Cloud KMS (AWS KMS, Azure Key Vault, Google Cloud KMS).
- Manage the integration of Vaulting solutions (HashiCorp, CyberArk) with backend encryption providers.
- Ensure high availability, disaster recovery, and Golden Key protection protocols are strictly enforced.
Certificate Lifecycle & Automation
- Oversee the full Certificate Lifecycle: from CSR generation and CA orchestration to installation and revocation.
- Implement automated certificate renewal processes (ACME, SCEP) to eliminate outages caused by expired certificates.
- Maintain a centralised inventory of all internal and external-facing SSL/TLS certificates.
Key Management and Rotation
- Establish secure procedures for Root Key generation and distribution.
- Manage the rotation of Master Keys and Data Encryption Keys (DEKs) across multi-cloud environments.
- Manage emergency rotation processes.
Secrets Security Controls and Compliance
- Enforce Encryption at Rest and in Transit standards across the enterprise.
- Monitor for cryptographic drift and unauthorised key usage; investigate incidents related to credential exposure.
- Audit HSM logs and access patterns to ensure compliance with regulatory frameworks (PCI-DSS, HIPAA, SOC2).
The ideal candidate will possess the following qualifications & experience:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- Minimum 3-5 years’ experience in information security with 3+ years of management experience in PKI, certificate management, or encryption key management.
- Technical Mastery: Proven track record implementing Enterprise Key Management Systems (EKMS) and managing Hardware Security Modules (e.g., Thales, Entrust).
- Cloud Proficiency: Deep hands-on experience with Cloud-native KMS and Secrets Managers (AWS, Azure, GCP).
- Infrastructure: Experience managing certificates within Kubernetes/Container environments (e.g., cert-manager, Istio).
Desirable Certifications
- Certified Encryption Specialist (EC-Council)
- Certified Information Systems Security Professional (CISSP)
- HashiCorp Certified: Vault Associate
- Cloud-specific Security Architectures (AWS Security Specialty, Azure Security Engineer)
Core Competencies:
Technical Knowledge and Skills
- A good understanding of cryptographic principles and key management
- Expertise with secrets management platforms
- Knowledge of HSMs and hardware-based key protection
- Understanding of PKI and certificate management
- Knowledge of cloud security and secrets management
- Understanding of DevSecOps practices
- Familiarity with regulatory compliance (encryption, key management)
- Container security (Docker, Kubernetes)
- API integration and development
Only shortlisted candidates will be contacted.