About The Position

The Engineer III, Cybersecurity & Risk Mgmt. - Identity & Access Management independently owns and executes Identity Governance & Administration (IGA) functions — including identity lifecycle management, access certifications, entitlement governance, and SaaS security posture — with minimal supervision. Embedded within the IAM team under Cybersecurity & Risk Mgmt., this position carries primary ownership of day-to-day IGA operations and tooling, applying critical thinking to resolve complex access challenges and ensuring all deliverables meet quality and compliance standards. Focused on protecting information assets, infrastructure, and patient data, this role enforces least-privilege access principles across enterprise and clinical systems through automated JML workflows, role-based access controls, SoD policy management, and continuous governance of SaaS application access. Working in close coordination with IT Operations, HR, Compliance, Privacy, and Clinical Informatics, this role translates policy into enforceable access controls, contributes to process improvement across the IAM program, and may mentor entry-level team members. It ensures adherence to the HIPAA Security and Privacy Rule, PCI DSS, HITRUST, ISO 27001:2022, ISO 22301:2019, and other applicable regulatory frameworks.

Requirements

  • Bachelor’s Degree in Arts/Sciences (BA/BS) from an accredited college in IT/Information Security, Computer Science, IT, Engineering or related field.
  • In lieu of degree, 5+ years of experience is required or the equivalent combination of education and experience.
  • 6+ years of direct experience in Identity & Access Management, with at least 2 years focused specifically on hands-on experience administering an enterprise IGA platform (e.g., Okta Lifecycle Management, Microsoft Entra Identity Governance, Sa).
  • 2+ years including ownership of IGA programs, platform administration, and lifecycle automation at enterprise scale. Must include a proven track record of driving IGA maturity, executing governance roadmaps, and taking on increasing responsibility within complex, multi-application environments.
  • 2+ years of experience designing and enforcing SoD policies, including conflict detection, remediation workflows, and entitlement reviews across enterprise and clinical applications.
  • 2+ years of experience building and troubleshooting IGA integrations using REST APIs, SCIM, and SAML — with proficiency using tools such as Postman for testing and validation.
  • 2+ years of experience with scripting and automation (PowerShell, Python, or equivalent) applied specifically to identity lifecycle events, provisioning routines, and access governance workflows.
  • Strong grasp of identity lifecycle management, RBAC, and access governance in complex, multi-application environments.
  • Strong working knowledge of identity provisioning standards and protocols including SCIM, SAML, OAuth/OIDC, and LDAP as applied to IGA platform integrations.
  • Direct experience across the full IGA project lifecycle — including requirements gathering, governance design, platform configuration, integration, testing, and change management.
  • Proven ability to communicate access governance risks and IGA program status to non-technical stakeholders and leadership, translating compliance requirements into business-aligned solutions.
  • Expert-level understanding of identity governance principles and regulatory frameworks — including NIST 800-63, ISO 27001, HIPAA, and HITRUST — with a demonstrated ability to operationalize these standards through IGA controls and processes.

Nice To Haves

  • Master’s degree in Arts/Sciences (MA/MS) in Cybersecurity, Information Assurance, or a related technical field.
  • One or more industry-recognized certifications such as CISSP, CISM, or CISA.
  • Specialized IGA or vendor certifications — such as Okta Lifecycle Management, Microsoft Entra Identity Governance, or SailPoint IdentityNow — are considered a significant advantage.
  • Okta Certified Professional/Administrator/Developer or Microsoft Entra SC-300 / SC-5008.
  • Experience governing non-human identities, including service accounts, workload identities, and application credentials, within an IGA framework.
  • Prior experience supporting ISO 27001 certification audits, specifically developing evidence packages for Access Control (Annex A.9) and contributing to audit-readiness activities tied to identity governance.
  • Experience with Grip Security or similar SSPM/SaaS discovery platforms.
  • Familiarity with Valence Security or equivalent SaaS security posture tooling.
  • Familiarity with PAM tools (CyberArk).
  • Healthcare or life sciences background with EHR/EMR exposure (Epic, Cerner), or experience in a healthcare (medical or dental) or other large, regulated enterprise environment with complex identity governance requirements.

Responsibilities

  • Own and maintain the IGA technical roadmap, governance frameworks, and entitlement catalog, ensuring identity capabilities are consistently implemented and aligned to organizational policy.
  • Manage the full identity lifecycle for all human and non-human entities — including automated joiner, mover, and leaver (JML) workflows — ensuring secure and auditable provisioning and deprovisioning across enterprise and clinical systems.
  • Design, build, and continuously optimize role-based access control (RBAC) frameworks, including role mining, role design, and access request workflows, to enforce least-privilege principles across all environments.
  • Define, implement, and maintain Segregation of Duties (SoD) policies; perform conflict detection and lead remediation workflows in partnership with Compliance and application owners.
  • Lead and execute periodic access certification and recertification campaigns, ensuring timely completion, appropriate reviewer engagement, and documented outcomes for audit purposes.
  • Manage SaaS application access governance, including shadow IT discovery, OAuth grant reviews, and SaaS-to-SaaS integration risk remediation, using the organization's IGA and SaaS security posture toolset.
  • Architect and maintain integrations between IGA platforms and authoritative sources (HR systems, directories) and downstream applications, including EHR/EMR platforms, using SCIM, REST APIs, SAML, and other standards-based protocols.
  • Author and maintain comprehensive technical documentation including architectural diagrams, workflow mappings, and SOPs for all IGA systems and processes to ensure operational consistency and audit readiness.
  • Proactively identify, measure, and remediate access-related risks; perform compliance reporting and regular access control audits to protect critical assets, including PHI and PII.
  • Lead organizational efforts to ensure IGA controls and processes align with HIPAA Security and Privacy Rule, HITRUST, PCI DSS, ISO 27001:2022, and other applicable regulatory frameworks.
  • Ensure the confidentiality, integrity, and availability (CIA) of identity services in accordance with defined SLA metrics, maintaining high levels of data security and patient satisfaction.
  • Serve as a technical liaison between Information Technology and business units, proactively identifying access governance gaps and architecting solutions that balance security with operational efficiency.
  • Collaborate with leaders, architects, and stakeholders to translate business and compliance requirements into IGA controls, building trust-based relationships that position security as an enabler.
  • Research emerging IGA technologies and trends, proposing scalable solutions that create business value and support organizational growth.
  • Provide subject matter expertise and technical mentorship to junior engineers, driving team proficiency in IGA platforms, access governance practices, and regulatory frameworks.
  • Strictly utilize only PDS Health-authorized, secured AI environments for ticket summarization and drafting internal notes to ensure no data leakage of company PII or patient data.
  • Ensure all actions and workflows strictly adhere to PDS Health Information Security Policies and all applicable state, federal, and regulatory requirements.
  • Ensure compliance with all policies and standards, as well as state, federal, and other regulatory bodies.

Benefits

  • Medical, dental, and vision insurance
  • Paid time off
  • Tuition Reimbursement
  • 401K
  • Paid time to volunteer in your local community