Identity and Access Management Architect
Yale New Haven Health · New Haven County, CT · 1 mo ago
On-siteInformation TechnologyFull-time
About the role
To be part of our organization, every employee should understand and share in the YNHHS Vision, support our Mission, and live our Values. These values - integrity, patient-centered, respect, accountability, and compassion - must guide what we do, as individuals and professionals, every day.
Responsibilities
- Lead the definition and execution of the organization's IAM strategy, aligning with the overall enterprise security and technology roadmap and serve as the top-tier authority on all IAM topics, with an emphasis on integrating cloud and on-premises enterprise architectures.
- Develops implementation plans, coordinates implementation of security related systems verifying the installation of hardware, software, and security management tools.
- Works at a technical level and maintains effective communication with management teams and across user departments, and other support organizations.
- Evaluate, assess, and recommend improvements to statements of work and proposals from vendors to ensure that adequate security protections are in place for security-related deficiencies and required "user controls," and report any findings to the CISO and vendor management teams.
- Develop and maintain security architecture, design, and roadmap documents. Develop and present detailed strategies, designs, and implementation plans to management.
- Deliver complex customized designs and solutions aligned to defense in depth strategies by self and by collaborating with peers, vendors, and stakeholders.
- Test, evaluate, and review security technologies, tools, and services aligned to business goals and make recommendations to the broader security team for their use based on security, financial and operational metrics.
- Track developments and changes in the digital business and threat environments to ensure that the YNHHS healthcare applications' landscape is adequately protected by existing security controls.
- Responsible for setting technical direction, scope, quality metrics, planning, execution and closing of technical projects.
- Determine baseline security configuration standards for operating systems, applications, network segmentation, and identity and access management.
- Provide high level of technical skill to enable resolution of complex security and identity and access related technology problems throughout the project lifecycle.
- Work collaboratively across technical, customer, and management constituencies to ensure a quality and timely service delivery.
- Perform other job duties and responsibilities as assigned.
Qualifications
- Bachelor's degree in Computer Science or related discipline and/or extensive technical training and related experience.
- At least ten (10) years of experience in a technical services function in a complex distributed enterprise network and application environment.
- Hands-on experience in managing and designing IAM technologies and services (e.g. SailPoint IdentityIQ, Active Directory / EntraID IAM solutions in a large environment is required. Ability to automate complex access management and authentication policies for on-prem and cloud hosted applications at an expert level required.
- Skilled at collaborating with peers and socializing IAM governance and strategy with senior leadership and executives.
- Working knowledge of Microsoft Purview, Azure IaaS security and data protection controls (e.g. data loss, encryption, conditional access, data classification).
- Experienced in the following areas: security architecture, design, implementation, and integration management for full stack IT infrastructure (applications, scripting, databases, operating systems, hardware, IP network, and test planning in a dynamic continuous improvement environment).
- Licensure: Certified Information Systems Security Professional (CISSP) certification or within 12-24 months in role, Microsoft Azure security certifications technologies and SailPoint Identity management experience required. Sailpoint IdentityIQ certification is desirable.