Jobs · Information Technology · New York

Senior Director IT- IAM & Provisioning Operations

Montefiore Health System · Bronx, NY · 1 mo ago
Information Technology$160k–$200k/yrFull-time

About the role

The Senior Director of IAM & Provisioning Operations is responsible for leading and evolving the enterprise identity, access management, and provisioning strategy across a large and complex IT organization.

Responsibilities

  • Lead the IAM & Provisioning Operations organization, overseeing teams responsible for identity governance, access provisioning, privileged access management, certificate lifecycle management, and access operations.
  • Own and evolve the enterprise IAM strategy, roadmap, operating model, and governance framework in partnership with Cybersecurity, Enterprise Architecture, Infrastructure, Applications, HR, Cloud teams, Compliance, Internal Audit, and business leadership.
  • Oversee SailPoint or equivalent Identity Governance and Administration platforms, including identity aggregation, access request workflows, Automations, code changes, role management, access certifications, policy enforcement, segregation of duties, and lifecycle event processing.
  • Direct enterprise provisioning and deprovisioning operations for employees, contractors, vendors, partners, and other workforce populations across on-premises, cloud, SaaS, and legacy application environments.
  • Govern joiner, mover, leaver, transfer, rehire, and termination processes to ensure timely, accurate, auditable, and automated access changes aligned to HR source-of-truth data.
  • Own the enterprise Multi-Factor Authentication program, including platform governance, registration and adoption monitoring, end-user experience, exception and exclusion management, and phishing-resistant authentication initiatives such as FIDO2 and certificate-based authentication.
  • Lead MFA migration and modernization programs across workforce populations, and ensure MFA controls are aligned with conditional access policy, regulatory requirements, and risk-based authentication standards.
  • Lead the Privileged Access Management (PAM) program, including vaulting, credential rotation, privileged session management, just-in-time access, break-glass procedures, service account governance, and privileged access reviews.
  • Oversee certificate management and PKI-related operations, including certificate inventory, discovery, issuance, renewal, expiration monitoring, key management, automation, standards, and operational controls to prevent outages.
  • Establish standards for role-based access control, attribute-based access control, least privilege, access recertification, privileged access, service accounts, shared accounts, application onboarding, and access exception handling.
  • Partner with application, infrastructure, cloud, and security teams to onboard critical applications and platforms into IAM, SailPoint, PAM, SSO, MFA, and access review processes.
  • Manage identity integrations with directories and authentication services such as Active Directory, Microsoft Entra ID, LDAP, SSO, MFA, federation, and cloud identity platforms as applicable.
  • Ensure IAM operations support regulatory, audit, and compliance requirements, including evidence production, control testing, remediation tracking, policy alignment, and risk reporting.
  • Develop and monitor service levels, key risk indicators, key performance indicators, operational dashboards, queue health, provisioning timeliness, access removal timeliness, certification completion, and incident trends.
  • Lead major incident response, root cause analysis, problem management, and continuous improvement for IAM, PAM, provisioning, certificate, and access-related service disruptions.
  • Drive automation and process improvement to reduce manual provisioning, improve fulfillment accuracy, accelerate onboarding, reduce orphaned access, and improve the overall user experience.
  • Own vendor relationships, platform support models, contract input, licensing optimization, and roadmap alignment for IAM, IGA, PAM, certificate management, and related identity technologies.

Qualifications

  • A minimum of 10 years of experience in Identity and Access Management, cybersecurity, infrastructure, application access operations, or IT operations, with at least 5 years in a senior leadership or director-level role.
  • Deep experience leading IAM operations in a large, complex, highly regulated, or distributed enterprise environment.
  • Strong experience with SailPoint IdentityIQ, SailPoint IdentityNow, or equivalent Identity Governance and Administration platforms.
  • Strong experience with Privileged Access Management platforms and operating models, including CyberArk, BeyondTrust, Delinea, or equivalent technologies.
  • Experience managing certificate lifecycle operations, PKI processes, certificate discovery, renewal automation, expiration prevention, and operational controls.
  • Demonstrated success improving provisioning, deprovisioning, access request, access review, and lifecycle management processes at enterprise scale.
  • Strong understanding of directory services, identity sources, HR-driven identity lifecycle, SSO, MFA, federation, conditional access, service accounts, non-human identities, and cloud identity patterns.
  • Experience supporting audit, risk, compliance, regulatory reviews, and control remediation activities related to access management and privileged access.
  • Ability to lead large, cross-functional teams and influence application owners, infrastructure teams, security teams, business leaders, and executive stakeholders.
  • Experience managing vendors, budgets, staffing models, managed service partners, roadmaps, and enterprise technology lifecycle decisions.

Similar jobs