To be part of our organization, every employee should understand and share in the YNHHS Vision, support our Mission, and live our Values. These values - integrity, patient-centered, respect, accountability, and compassion - must guide what we do, as individuals and professionals, every day.
Under the general direction and supervision of the Chief Information Security Officer, the Identity and Access Management (IAM) Architect has responsibility for the lifecycle planning, design, installation and support of the corporate security strategy, architecture, and practices. Leads the definition and execution of the organization's IAM strategy, aligning with the overall enterprise security and technology roadmap, and serves as the top-tier authority on all IAM topics, with an emphasis on integrating cloud and on-premises enterprise architectures. Develops implementation plans and coordinates implementation of security-related systems, verifying the installation of hardware, software, and security management tools. Works at a technical level and maintains effective communication with management teams, across user departments, and with other support organizations. The IAM security architect will be required to effectively translate business objectives and risk management strategies into specific processes enabled by security technologies and services. This position is responsible for and has oversight of the execution of all operational tasks associated with cybersecurity and compliance requirements that are required to implement a highly scalable and secure multi-vendor health-care application landscape. Documents and communicates all security changes that take place across the YNHHS applications, network, and platforms according to the established organizational procedures and standards of Yale New Haven Health System Digital & Technology Solutions (DTS).
EEO/AA/Disability/Veteran
EDUCATION
Bachelor's degree in Computer Science or related discipline and/or extensive technical training and related experience.
EXPERIENCE
At least ten (10) years of experience in a technical services function in a complex distributed enterprise network and application environment. Hands-on experience in managing and designing IAM technologies and services (e.g. SailPoint IdentityIQ, Active Directory / Entra ID IAM solutions) in a large environment is required. Ability to automate complex access management and authentication policies for on-prem and cloud-hosted applications at an expert level required. Skilled at collaborating with peers and socializing IAM governance and strategy with senior leadership and executives. Working knowledge of Microsoft Purview, Azure IaaS security and data protection controls (e.g. data loss, encryption, conditional access, data classification). Experienced in the following areas: security architecture, design, implementation, and integration management for full stack IT infrastructure (applications, scripting, databases, operating systems, hardware, IP network), and test planning in a dynamic continuous improvement environment.
LICENSURE
Certified Information Systems Security Professional (CISSP) certification or within 12-24 months in role, Microsoft Azure security certifications technologies and SailPoint Identity management experience required. SailPoint IdentityIQ certification is desirable.
SPECIAL SKILLS
In-depth knowledge of delivering IAM and cloud security capabilities in a hybrid hosting model. Optimize RBAC controls and map workflows for individuals / groups and perform certification based on segregation of duties / role. Extensive knowledge of IAM technologies and protocols (SSO, MFA, Federation, PAM, OIDC, OAuth, SAML, and SCIM) and the ability to automate / streamline identity workflow scenarios. Knowledge of NIST CSF and Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH) security concepts, with the ability to review / perform security assessments for project solutions. Ability to work effectively under pressure and function in a fast-paced collaborative team setting. Demonstrated capacity to acquire new skills efficiently and ability to blend technical expertise and business perspective. Able to make logical decisions regarding the best method to accomplish goals or solve a problem and is guided by precedent and general policy in making decisions. Able to coordinate and obtain cooperation of others and to handle controversial issues tactfully.
PHYSICAL DEMAND
Work with hand tools requiring dexterity, skillful eye-to-hand coordination and repeated motion. Must have average to above average eyesight and be able to easily distinguish colors and shading. Must have average to above average hearing required to easily distinguish between various audible alerts emitted from devices. Frequent walking, standing and travel between all YNHHS locations throughout the State of CT and Westchester County, NY. On-call and off-hours support required.