Lead Director, Identity and Access Management

CVS Health, New York, NY
$144,200 - $288,400

About The Position

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary

The Director of Identity & Access Management (IAM) is a senior security and engineering leader responsible for building, leading, and sustaining the IAM function for a new CVS Health Venture. This role owns the end‑to‑end IAM program, including strategy, governance, engineering, and operations across a complex hybrid environment spanning Active Directory, Entra ID, GCP IAM, and Privileged Access Management. Operating in a greenfield environment, the Director will establish foundational identity models, access controls, and operating frameworks to deliver a secure, scalable, and audit‑ready IAM capability aligned with HIPAA, SOX, and enterprise security standards.

This leader is accountable for IAM as a business‑critical enterprise program, driving outcomes across security, compliance, and operational performance. The Director will lead and scale a high‑performing organization, establish clear governance and accountability across first and second lines of defense, and influence senior stakeholders on identity-related risk and priorities. This role will define the IAM roadmap, advance automation and lifecycle capabilities, and drive continuous improvement as the function matures into a critical enabler of growth and compliance.

Requirements

  • 10+ years of IAM experience, including senior leadership ownership of enterprise identity platforms.
  • 7+ years of hands-on experience in:
      • Active Directory (cloud and on‑prem), including security hardening and forest‑level controls
      • Entra ID federation and hybrid identity
      • GCP IAM architecture and governance
      • Privileged Access Management
  • 7+ years of experience in people management including but not limited to hiring, training and mentorship, team building, etc.
  • 5+ years of experience in regulated environments, including HIPAA and SOX impact on identity controls.
  • Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience).

Nice To Haves

  • Demonstrated autonomy, tolerance for ambiguity, and success building identity platforms from zero.
  • Demonstrated experience running IAM as a program, with accountability for outcomes.
  • Experience with KCC (Config Connector) IAM Policy Member and IAM Service Account resources.
  • Familiarity with Wiz IAM analysis and Security Command Center findings.
  • Experience with CyberArk, HashiCorp Vault, or similar PAM platforms.
  • CISSP, CISM, or GCP Security Engineer certification.
  • Healthcare or highly regulated industry experience.

Responsibilities

  • Own and execute the enterprise IAM program strategy across the hybrid environment (Active Directory, Entra ID, GCP IAM, PAM).
  • Define and enforce identity governance frameworks, including tiering models, access controls, and federation across AD, Entra, and GCP.
  • Ensure IAM controls meet HIPAA, SOX, and enterprise security standards, partnering with audit, compliance, and legal teams.
  • Serve as the primary IAM authority, guiding cross-functional decisions on identity risk, access governance, and control enforcement.
  • Provide leadership oversight of identity platform design and configuration, including AD structure, group policy, and permission models.
  • Ensure identity access is structured to prevent privilege creep through effective role design, inheritance control, and policy enforcement.
  • Oversee Privileged Access Management (PAM), enforcing least privilege and eliminating persistent administrative access.
  • Guide implementation of secure identity patterns (e.g., federation, service accounts, VPC Service Controls, emergency access).
  • Own IAM operational performance, including KPIs, reporting, audit readiness, and service reliability.
  • Establish and maintain runbooks, SOPs, and access lifecycle processes (joiner/mover/leaver).
  • Oversee incident response, access escalations, and high-risk revocations, ensuring timely resolution and SLA adherence.
  • Lead access reviews, remediation efforts, and continuous improvement of IAM maturity and control effectiveness.
  • Ensure disaster recovery, business continuity, and resilience of identity platforms.
  • Build and lead a high-performing IAM organization, including hiring, structure, and capability development across engineering and operations.
  • Establish clear operating models, accountability, and governance across first and second lines of defense.
  • Provide executive-level reporting and communication on IAM risks, performance, and maturity.
  • Drive automation of identity lifecycle management, provisioning, certification, and compliance reporting.
  • Own the IAM roadmap, aligning technology investments with business growth and regulatory requirements.
  • Evaluate and implement emerging IAM and PAM technologies to enhance scalability, efficiency, and security posture.

Benefits

  • medical
  • dental
  • vision coverage
  • paid time off
  • retirement savings options
  • wellness programs
  • CVS Health bonus
  • commission
  • short-term incentive program
  • equity award program