Financial Modeling Advisor

About Riverflex

Riverflex, founded in Amsterdam and London, is a global team of consultants dedicated to helping courageous leaders drive transformative change. We operate across three service pillars: Strategy and Transformation Consulting ('Creates Change'), Talent Services ('Builds Teams'), and Business-Accelerating Products ('Augments Intelligence'). Our mission is to empower organizations to achieve their most ambitious goals.

Job Description: CyberArk Engineer

This is an interim/contract position for a CyberArk Engineer, part of a significant program to modernize and secure Identity and Access Management (IAM) for a major European grocery retail group. The core focus is onboarding business-critical and cyber-critical assets onto a centralized Privileged Access Management (PAM) solution, primarily CyberArk, complemented by Azure Entra PIM for cloud workloads, all aligned with Zero Trust principles. You will join an established team, report to the Regional IAM Team Leader, and own privileged-access use cases end-to-end.

Responsibilities

• Application & Infrastructure Onboarding (Core Focus):
• Own end-to-end privileged access onboarding for network devices, infrastructure, databases, cloud workloads, and business applications.
• Conduct application owner discovery, including intake meetings and detailed information capture.
• Onboard accounts into CyberArk: platform configuration, Safe creation, account assignment, and managing CPM password rotation and PSM session management.
• Coordinate User Acceptance Testing (UAT) with application owners through to sign-off and operational handover.
• Maintain onboarding tracker and Jira boards for scope traceability.
• Account & Credential Management:
• Onboard and manage both personal privileged accounts and non-personal/service accounts.
• Configure credential vaulting and automated rotation.
• Manage resource and group mappings.
• Support scalable self-service and API-driven onboarding.
• Connectors, Integration & Troubleshooting:
• Configure and support core CyberArk components (Digital Vault, PVWA, CPM, PSM, PSM for SSH, AAM/CCP).
• Diagnose and resolve onboarding blockers (e.g., CPM rotation failures, certificate issues, LDAP integration, network connectivity).
• Support platform activities like Vault upgrades and site switches.
• Stakeholder Engagement & Delivery Coordination:
• Serve as the primary point of contact for application teams, vendors, and platform teams.
• Drive engagement with application owners to secure commitment.
• Contribute to PAM strategy and architectural decisions.
• Documentation & Compliance:
• Maintain documentation for configurations, onboarding processes, Safe repositories, and audit controls.
• Support compliance-related tasks such as break-glass procedures and audit controls.

Job Requirements

• Experience: 3+ years of hands-on experience in CyberArk engineering and administration (on-premises; SaaS experience is a plus).
• CyberArk Components: Strong knowledge of Digital Vault, PVWA, CPM, PSM, PSM for SSH (PSMP), and AAM/Credential Provider (CCP).
• Onboarding Expertise: Proven end-to-end application and infrastructure onboarding experience (discovery, configuration, rotation, session management, UAT, sign-off).
• Troubleshooting Skills: Strong experience resolving issues related to CPM rotation, PKI/certificates, LDAP integration, and network connectivity.
• Communication: Confident, customer-facing engagement skills, with the ability to influence stakeholders.
• Process Management: Familiarity with Jira for delivery tracking and disciplined intake/documentation.
• Language: Fluent in English.

Plus Skills

• Experience configuring web and SSH connectors, and developing custom CyberArk plugins/connectors.
• Proficiency in PowerShell and the CyberArk REST API for automation.
• Working knowledge of Azure Entra ID / Entra PIM.

Why This Role

• Impactful Program: Be part of a business-critical, multi-year security program securing privileged access across four countries.
• Ownership: Own privileged-access use cases end-to-end.
• Team & Structure: Work within an established team and global function.
• Engagement Length: 6-month rolling engagement with strong potential for multi-year extension.

Equal Opportunity Employer

We are an Equal Opportunity Employer committed to diversity and inclusion. We do not discriminate based on race, color, religion, gender, sexual orientation, national origin, age, marital status, medical condition, or disability. We encourage all qualified candidates to apply, even if they don't meet every single requirement.