Director Identity Governance and Administration

POSITION SUMMARY:

Under the direction of the VP of Information Security, the Director of Identity Governance and Administration will provide strategic leadership for BMCHS's Identity and Access Management (IAM) program. This role is responsible for designing, implementing, and optimizing secure, scalable IAM solutions that align with organizational objectives, regulatory requirements, and industry best practices. The Director will partner closely with cybersecurity, infrastructure, operations, and clinical leadership teams to ensure identity governance processes are efficient, compliant, and user-friendly across the enterprise. This is a high-impact leadership position that shapes BMCHS's IAM roadmap, strengthens the organization's cybersecurity capabilities, and drives operational efficiency.

Position: Director Identity Governance and Administration

Department: Information Security

Schedule: Full Time

ESSENTIAL RESPONSIBILITIES / DUTIES:

Program Leadership and Strategy

• Develop and execute a comprehensive Identity Governance and Administration (IGA) strategy and roadmap aligned with organizational goals, security requirements, and regulatory standards.

• Establish IAM architecture standards, policies, and procedures to ensure consistency and compliance across BMCHS.

• Oversee the full identity lifecycle, including onboarding, offboarding, access provisioning, certification campaigns, and role/entitlement management.

Technology and Operations

• Lead the implementation, integration, and optimization of IGA platforms.

• Collaborate with HR, IT, and business leaders to ensure timely and accurate identity provisioning and deprovisioning.

• Drive initiatives for role-based access control (RBAC), separation of duties (SoD), privileged account management, and least-privilege enforcement.

• Conduct risk assessments and security audits related to account administration, recommending and implementing mitigation strategies.

Governance, Compliance, and Risk Management

• Ensure IAM processes meet HIPAA, NIST, and other applicable regulatory and industry frameworks.

• Lead enterprise access review programs, track compliance metrics, and address identified gaps.

• Maintain awareness of emerging IAM technologies, threat landscapes, and regulatory changes.

Team Leadership and Collaboration

• Lead a team of IAM team leads and analysts, providing mentorship, coaching, and performance management.

• Build cross-functional relationships to integrate IAM best practices into enterprise applications, infrastructure, and workflows.

• Partner with leadership across the organization to promote a security-first culture in identity management.

(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required).

JOB REQUIREMENTS

REQUIRED EDUCATION AND EXPERIENCE:

• Bachelor's degree in Computer Science, Cybersecurity, or related field and eight+ years of experience in cybersecurity, information security, designing and implementing enterprise identity solutions; or equivalent combination of education and experience.

• Experience with auditing, and risk management, as well as contract and vendor negotiation.

• Experience with automation in IAM processes.

• Hands-on experience with federation protocols (SAML, OAuth, OpenID Connect).

PREFERRED EDUCATION AND EXPERIENCE:

• Master's degree

CERTIFICATES, LICENSES, REGISTRATIONS PREFERRED:

• Certified Security Systems Professional (CISSP)

KNOWLEDGE, SKILLS & ABILITIES (KSAs):

• Ability to manage complexity and dynamic environments

• Must be able to keep abreast of industry trends

• Must have a solid understanding of information technology and cybersecurity.

• Ability to articulate technical information into real world business impact at a management level and, conversely, ability to translate management business initiatives into actionable technical designs.

• Familiarity with current Cybersecurity management frameworks

• Familiarity with Identity Governance and Administration technologies and products

• Knowledge of regulatory compliance requirements (e.g., HIPAA).

Boston Medical Center Health System (BMCHS) is a ~$6 billion integrated academic health care system whose purpose is to transform the outcomes of low(er) income and vulnerable populations in Massachusetts, New Hampshire and beyond. Anchored by Boston Medical Center, BMCHS has evolved to encompass six major entities: Boston Medical Center, WellSense Health Plan, Boston University Medical Group, Boston HealthNet (a network of community health centers), Boston Accountable Care Organization, and Clearway Health (a specialty pharmacy services provider).

BMC Health System occupies a unique position in the MA and US healthcare landscape. Over 60% of clinical care is in (near) full risk arrangements, and there is a strong commitment to value based care, and to addressing the core health drivers (social determinants of health) in the communities that BMCHS serves. BMCHS's patients disproportionately come from communities of color, so BMCHS is deeply invested in addressing health inequities both within the organization, and in partnership with community organizations. Through WellSense Health Plan, BMCHS covers over 40% of all Massachusetts' Medicaid members in exclusive payer-provider partnerships with eight accountable care organizations. Lastly, BMCHS's academic enterprise provides a strong foundation of talent to study and disseminate its experience and to shape the health system more broadly.

Equal Opportunity Employer/Disabled/Veterans

According to the FTC, there has been a rise in employment offer scams. Our current job openings are listed on our website and applications are received only through our website. We do not ask or require downloads of any applications, or "apps" job offers are not extended over text messages or social media platforms. We do not ask individuals to purchase equipment for or prior to employment.