Secrets Manager

CAREER OPPORTUNITY 

Title: Secrets Manager 

Work type: Contract - 6 months 

Seniority level: Management 

Work Location: Barbados (Remote work possible)  

Position Description: 

The Secrets Manager is responsible for the end-to-end governance of the organization’s cryptographic identity. The Secrets Manager leads the implementation of modern secrets management practices, with emphasis on Certificate Lifecycle Management (CLM) and Enterprise Key Management (EKM) to protect sensitive credentials across on-premise, cloud, and hybrid environments.

Main responsibilities of the role: 

Secrets Management Cryptographic Strategy and Governance

• Develop and implement secrets management strategy and framework aligned with security objectives and with global security standards (NIST, FIPS).

• Define secrets classification, handling requirements and protection requirements for asymmetric/symmetric keys and digital certificates.

• Assess current practices and establish the roadmap for Public Key Infrastructure (PKI) maturity, moving from manual processes to automated issuance and renewal  

Secrets Vault, KMS & HSM Architecture 

• Lead the selection, configuration, and maintenance of Hardware Security Modules (HSMs) and Cloud KMS (AWS KMS, Azure Key Vault, Google Cloud KMS).
• Manage the integration of Vaulting solutions (HashiCorp, CyberArk) with backend encryption providers.
• Ensure high availability, disaster recovery, and Golden Key protection protocols are strictly enforced. 

Certificate Lifecycle & Automation

• Oversee the full Certificate Lifecycle: from CSR generation and CA orchestration to installation and revocation.
• Implement automated certificate renewal processes (ACME, SCEP) to eliminate outages caused by expired certificates.
• Maintain a centralized inventory of all internal and external-facing SSL/TLS certificates.  

Key Management and Rotation 

• Establish secure procedures for Root Key generation and distribution.
• Manage the rotation of Master Keys and Data Encryption Keys (DEKs) across multi-cloud environments.  

• Manage emergency rotation processes  

Secrets Security Controls and Compliance 

• Enforce Encryption at Rest and in Transit standards across the enterprise.
• Monitor for cryptographic drift and unauthorized key usage; investigate incidents related to credential exposure.
• Audit HSM logs and access patterns to ensure compliance with regulatory frameworks (PCI-DSS, HIPAA, SOC2).  

The ideal candidate will possess the following qualifications & experience: 

• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or related field 

• Minimum 3-5 years' experience in information security with 3+ years of management experience in PKI, certificate management, or encryption key management 

• Technical Mastery: Proven track record implementing Enterprise Key Management Systems (EKMS) and managing Hardware Security Modules (e.g., Thales, Entrust).
• Cloud Proficiency: Deep hands-on experience with Cloud-native KMS and Secrets Managers (AWS, Azure, GCP).
• Infrastructure: Experience managing certificates within Kubernetes/Container environments (e.g., cert-manager, Istio).

Desirable Certifications 

• Certified Encryption Specialist (EC-Council)
• Certified Information Systems Security Professional (CISSP)
• HashiCorp Certified: Vault Associate
• Cloud-specific Security Architectures (AWS Security Specialty, Azure Security Engineer) 

Core Competencies: 

Technical Knowledge and Skills 

Only shortlisted candidates will be contacted