IT Compliance and Certificate Administrator

Key Responsibilities

Certificate Lifecycle Management

Oversee the full lifecycle of digital certificates : request, issuance, renewal, revocation, and expiration.

Maintain and update the central certificate inventory.

Ensure timely renewals and mitigate risks of certificate expiration or failure.

PKI Infrastructure Oversight

Manage internal and third-party Certificate Authorities (CAs).

Administer OCSP responders and CRL distribution points.

Ensure availability, scalability, and security of all PKI components.

Security & Compliance

Enforce certificate usage policies (e.g., key size, validity period).

Maintain compliance with standards such as PCI-DSS, HIPAA, and ISO 27001.

Monitor for misuse, compromise, or improper configurations of digital certificates.

Incident Management

Act swiftly on certificate-related incidents (expired, revoked, compromised).

Coordinate certificate replacement and environment recovery.

Cross-Functional Collaboration

Provide guidance to DevOps, Infrastructure, Security, and Application teams on certificate integration and management.

Promote awareness and adherence to best practices in encryption and digital identity.

Documentation & Reporting

Maintain up-to-date documentation on certificate policies and procedures.

Produce reports on certificate inventory, expiration, compliance, and risk metrics.

Tooling & Automation (Nice to Have)

Deploy and manage certificate automation tools (e.g., Venafi, DigiCert, Sectigo).

Automate certificate discovery, issuance, and renewal using scripting and APIs.

Qualifications

Technical Experience

3–5 years of hands-on experience managing enterprise-level certificates.

2+ years of working knowledge of Certificate Authorities (DigiCert preferred; Gandi or GlobalSign also relevant).

Experience managing 1,000+ certificates across diverse systems, preferably in multinational environments.

PKI & Security Knowledge

Deep understanding of PKI principles, digital signatures, and X.509 certificates.

Proficient in SSL / TLS, HTTPS, IPsec, S / MIME protocols.

Familiarity with certificate-related protocols : OCSP, CRL, LDAP, DNS.

Tools & Platforms

Expertise in tools like DigiCert, GlobalSign, OpenSSL, HashiCorp Vault, Sectigo, Keyfactor.

Familiarity with SIEM and vulnerability scanning tools (e.g., Splunk, QRadar, Nessus, Qualys).

OS & Scripting

Admin-level experience with Windows Server (Active Directory Certificate Services) and Linux / Unix.

Scripting proficiency in PowerShell, Bash, and Python for automation and integration tasks.

Cloud & DevOps Integration

Experience managing certificates on Azure, AWS, or Google Cloud platforms.

Knowledge of CI / CD integration and containerized environments (Kubernetes, Docker).

Behavioral & Soft Skills

Excellent English communication skills (verbal and written).

Strong problem-solving, analytical thinking, and initiative.

Collaborative team player with project ownership mindset.

Able to communicate technical concepts to varied audiences.