Department: Cybersecurity / Information Security
Employment Type: Full-Time
Location: On-site
Role Summary
The PKI Architect is responsible for the strategic design, implementation, and governance of the enterprise Public Key Infrastructure (PKI). This role ensures the confidentiality, integrity, and availability of cryptographic services, certificate life cycle management, and trust frameworks across the organisation. The architect collaborates with cross-functional teams to maintain compliance, operational resilience, and alignment with industry standards.
Primary Responsibilities
•
Enterprise PKI Architecture - Define and maintain PKI architecture, including CA hierarchy, trust models, certificate policies, and security controls.
•
CA/RA Governance - Oversee Certificate Authority and Registration Authority operations, ensuring secure issuance, renewal, and revocation processes.
•
Cryptographic Standards Management - Establish and enforce cryptographic policies, key management procedures, algorithm standards, and HSM governance.
•
Infrastructure Security - Ensure secure deployment of PKI components, including OCSP, CRL distribution, offline root CA protection, and high-availability configurations.
•
Integration & Enablement - Integrate PKI with enterprise systems such as IAM, TLS/SSL, MDM, IoT, cloud platforms, and internal applications.
•
Risk, Audit & Compliance - Conduct PKI risk assessments, support internal/external audits, and ensure compliance with NIST, ISO 27001, and regulatory requirements.
•
Documentation & Policy Development - Develop and maintain CP/CPS documents, architecture diagrams, operational procedures, and governance frameworks.
•
Incident Response Support - Provide expertise during cryptographic incidents, certificate failures, or trust-related security events.
Required Qualifications
•
Cryptography Expertise - Deep understanding of X.509, PKCS standards, OCSP, CRL, key algorithms, and secure key life cycle management.
•
PKI Platform Experience - Hands-on experience with enterprise PKI systems, HSMs, CLM tools, and CA/RA operations.
•
Security Framework Knowledge - Familiarity with NIST 800-53, ISO 27001/2, and cryptographic compliance requirements.
•
Automation & Scripting - Proficiency in PowerShell, Python, or Shell scripting for PKI automation and operational efficiency.
•
Bachelor's or Master's degree in Computer Science, Information Security, or a related discipline.
Preferred Certifications
•
CISSP
•
CISM
•
CCSP
•
GIAC Security Certifications
•
Vendor-specific PKI or HSM certifications
Core Competencies
•
PKI Architecture
•
Cryptographic Systems
•
TLS/SSL Protocols
•
Automation & Scripting
•
Risk Assessment
•
Cross-functional Collaboration
#3005833
About us
At Hays, we invest in lifelong partnerships that empower people and businesses to succeed. You are at the heart of everything we do. With over 50 years’ experience and a workforce of more than 10,000 people across 32 countries, we collectively put our customers, at the heart of everything we do.
Drawing on knowledge that’s unique to our scale, our commitment to understanding your needs and our ability to meaningfully innovate we are more than just a specialist recruitment business. By providing advice, insights and expertise on issues you face in today’s fast paced world of work, we’ll help you make the right decisions for tomorrow.
Looking for the right role for you?
At Hays we know that finding the right role at the right time takes careful consideration. As your lifelong career partners, we’re by your side, every step of the way.
Whether you’re seeking a new opportunity or support in navigating a career change, we bring the expertise and the connections to partner with you to help you realise your ambition.
Providing an unmatched breadth of jobs across industries and professions whilst leveraging our knowledge, employer relationships, learning opportunities and support, we can offer you roles that challenge and excite you.
Take the next step at hays.com.au