- Contract
- Anywhere
Senior IAM / PKI Architect (Freelance/Contract) – Government Organization
Location: Brussels Region, Belgium
Work Model: Hybrid (2–3 days on-site per week)
Contract Duration: Initial 1-year contract with extensions up to 3 years
Start Date: 01/09/2026
Languages: Dutch or French (mandatory) and English
Seniority: Senior / Expert Level
Context
A major governmental organization in the Brussels region is strengthening its cybersecurity posture in response to evolving regulatory and security requirements, including NIS2-related initiatives. We are seeking an experienced Senior IAM / PKI Architect to lead the design, assessment, and implementation of a robust Public Key Infrastructure (PKI) and Identity & Access Management (IAM) architecture.
The successful candidate will operate autonomously, working closely with internal security teams and PKI subject matter experts to define the future-state architecture, identify security gaps, improve processes, and ensure secure certificate lifecycle management across the organization.
Responsibilities
PKI Architecture & Strategy
- Define and maintain the enterprise PKI architecture roadmap and blueprint.
- Design secure PKI environments covering Root CA, Issuing CA, certificate lifecycle management, revocation mechanisms, and trust models.
- Establish governance, standards, and best practices for certificate management.
- Design and implement certificate issuance, renewal, revocation, blacklisting, and recovery processes.
- Ensure PKI solutions comply with governmental and regulatory security requirements.
Assessment & Gap Analysis
- Perform comprehensive assessments of existing PKI and IAM environments.
- Conduct gap analyses against security standards, best practices, and regulatory requirements.
- Identify architectural weaknesses, operational risks, and security vulnerabilities.
- Provide actionable recommendations and implementation roadmaps.
Security & Compliance
- Support NIS2-related compliance and cybersecurity initiatives.
- Develop secure operational processes and controls.
- Define security policies, procedures, and governance frameworks.
- Ensure audit readiness and documentation standards.
Project Delivery
- Lead PKI-related transformation and remediation initiatives.
- Work autonomously to resolve architectural challenges and unblock complex projects.
- Collaborate with security architects, infrastructure teams, and PKI experts.
- Provide technical leadership and knowledge transfer to internal teams.
Required Experience
- Minimum 8–10 years of experience in cybersecurity, IAM, or PKI domains.
- Proven experience designing and implementing enterprise PKI environments.
- Strong knowledge of:
- Public Key Infrastructure (PKI)
- Certificate lifecycle management
- Certificate Authorities (CA)
- Certificate Revocation Lists (CRL)
- OCSP
- Digital signatures
- Encryption and cryptographic standards
- Identity & Access Management (IAM)
- Experience performing security assessments and gap analyses.
- Experience creating security architectures, governance models, and operational processes.
- Ability to work independently and drive initiatives from assessment through implementation.
- Experience within highly regulated environments is a strong asset.
Technical Skills
- Enterprise PKI platforms
- Microsoft AD CS and/or comparable PKI solutions
- HSMs (Hardware Security Modules)
- IAM technologies and integrations
- Security architecture frameworks
- Risk assessment methodologies
- Certificate automation and lifecycle tools
- Regulatory compliance and security governance
Soft Skills
- Excellent stakeholder management skills.
- Strong analytical and problem-solving abilities.
- Comfortable working in complex and politically sensitive environments.
- Autonomous, proactive, and results-oriented.
- Strong communication and documentation skills.
Language Requirements
- Fluent Dutch or French (mandatory).
- Professional English (mandatory).
