Full Job Description
The Certificate Operations Lead is responsible for overseeing the day-to-day execution of certificate lifecycle activities across Marsh for all certificate types used in the organization. This role partners with Certificate Management Office (CMO) leaders, application, infrastructure, and security teams to ensure certificates are issued, renewed, revoked, and replaced accurately and on time, in line with established processes and governance.
The lead owns certificate inventory and status records, manages upcoming expirations, and proactively drives remediation with the appropriate teams to prevent service disruption. The role also manages and oversees certificate-related incidents (including urgent renewals and revocations), providing clear communication, overseeing actions through to closure, and ensuring timely, auditable completion of all lifecycle tasks.
We will count on you to:
• Manage certificate requests, issuance, renewals, replacements, and revocations across internal and external Certificate Authorities.
• Oversee certificate inventory, lifecycle status, and upcoming expirations to ensure full visibility and prevent service disruption.
• Lead certificate-related incident response, emergency break-fix activities, deployment verification, and post-change validation in partnership with technical teams.
• Produce operational reporting, maintain runbooks and standard request artifacts, and support audit/compliance evidence requirements.
• Partner with automation and platform leaders to identify and support opportunities for process improvement, tooling integration, and reduced manual effort.
• Identify and remediate unknown or unowned certificates to ensure all certificates are properly inventoried and actively managed.
What you need to have:
• 7-10+ years of experience in technology with progressively senior responsibilities.
• Demonstrated experience supporting certificate lifecycle operations in an enterprise environment.
• Working knowledge of PKI and X.509 certificates, including TLS/SSL basics, certificate chains/intermediates, and common keystore formats such as PEM, PFX, and JKS.
• Familiarity with certificate management platforms and workflows such as Venafi, DigiCert/Sectigo, Microsoft AD CS, or ACME-based issuance.
• Strong ITSM experience managing incidents, service requests, and change coordination in ServiceNow or a similar platform.
• Proven coordination, communication, and problem-solving skills with the ability to drive actions to completion across technical teams.
• High attention to detail, strong documentation discipline, and experience maintaining accurate inventories and audit-ready records.
• Experience producing operational reports and keeping runbooks, templates, and SOPs current.
What makes you stand out:
• Basic scripting or automation skills, such as PowerShell or Python.
• Comfort working with APIs to support tooling integration and continuous improvement.
• Experience proactively improving certificate operations through automation, reporting, or process redesign.
• Strong ability to influence stakeholders and manage urgency in high-impact situations.