The Director of Identity, Access and Risk Management oversees the organization's identity and access management strategy/operations and has overall responsibility for the organization's Information Security Risk Management (ISRM) Program. The Director will be highly collaborative and utilize innovative tools and technologies that leverage Identity and Access Management (IAM) services that include but are not limited to automated user account provisioning/de-provisioning, role-based access control, identity proofing, public key infrastructure, digital certificates, multifactor authentication, end-user self-service, electronic prescriptions for controlled substances (EPCS) and access auditing. Additionally, he/she will work with the Manager, IT Security Risk Management to ensure that the ISRM Program supports the CCHCS mission through effective governance, risk and compliance (GRC) activities that detect, prevent or mitigate threats to confidentiality, integrity and/or availability of information resources. This includes but is not limited to policy development, vulnerability management, risk identification, mitigation and/or monitoring, risk assessments, awareness training, and insider threat/workforce resiliency. He/she will also partner with the organization's Enterprise Risk Management function to utilize a GRC platform to track and manage risks related to information technology.
The Director will have responsibilities that include strategic planning, capital/operating budgets, resource planning, incident response, and change management. He/she is also expected to be an ambassador of the organization through engagement and will work with staff on performance reviews, coaching, mentoring and other professional development. The Director will proactively work with IT leadership, management and customers to plan, develop, implement and support new identity and access management technology solutions that will result improve efficiencies, enhance security and/or be cost effective across the entire organization. The Director and his/her team identifies the standards and/or policies by which application development teams and/or customers shall use identity and access management within technologies and/or applications.
High school diploma or GED required. Bachelor's Degree required.
Minimum of 15 years of experience in information technology.
Minimum of 10 years implementing and/or supporting identity and access management/provisioning systems and solutions.
Minimum of 5 years in healthcare and in a supervisory position.
Minimum of 1 year implementing/supporting electronic prescriptions for controlled substances (EPCS), identity-proofing, digital signatures and public key infrastructure (PKI).
Extensive experience in security access management design and implementation.
Extensive experience in architecting and managing large Microsoft Active Directory environments including policy management.
Experience creating and maintaining detailed security process documentation.
Broad experience in disaster recovery planning and exercises.
Extensive experience in IT change management practices and procedures.
Broad experience in automating workflows that result in efficient and exceptional end-user experiences.
Extensive infrastructure and application support experience using industry standard ticketing and incident management systems.
Extensive knowledge and support experience with common productivity applications.
Knowledge of computer hardware, including PCs, phone and network equipment. Familiarity and practical application of advanced principles of ITIL/ITSM. Demonstrated progressive experience in the management of a technical support team.
Solid relationship management and performance management skills.
Ability to motivate and direct staff members and subordinates.
Team-oriented and skilled in working within a collaborative environment.
Strong customer service orientation.
Proven analytical and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Good written, oral, and interpersonal communication skills.
Exceptional interpersonal skills, with a focus on listening and questioning skills.
Ability to present ideas in business-friendly and user-friendly language.
Highly self-motivated and directed. Keen attention to detail.
At least 1 year experience with Imprivata products and/or solutions including ConfirmID, OneSign, and/or Identity Governance. None required, although relevant industry certifications given preference.