Evaluates, implements, deploys, maintains, reviews, and administers the Identity and Access Management (IAM) infrastructure hardware and software that are required to effectively manage user identities and access control; performs related work.

FLSA:

EXEMPT

DUTIES AND RESPONSIBILITIES:

The Senior Identity and Access Management (IAM) Engineer contributes to the information security plan for the enterprise and implements it using a risk management framework.

Interfaces with management, customers, system administrators, and network engineers to establish, administer, and secure enterprise data, servers, and the network.

Utilizes a variety of tools to ensure confidentiality, integrity, and availability of data.

Lead the implementation and development process for the IAM program with a security focus.

Work with vendors and business partners to develop and manage the IAM Program.

Lead program design and review working directly with businesses on the integration requirements including provisioning, de-provision, and identity lifecycle into the IAM platform.

Develop strategy roadmaps for the IAM systems and program.

Develops enterprise-wide standards for IAM.

Monitor system logs, SIEM tools, and other security tools for unusual or suspicious user activity.

Monitor internal control systems to ensure appropriate information access levels and security is maintained.

Implement or coordinate remediation required by policies, standards, reviews, and audits, documenting exceptions as necessary.

Define the user access security model for all systems.

Conduct risk analysis, threat, and vulnerability assessments.

Advanced expertise in Information Security and/or IAM.

Lead projects and oversee daily operations.

Technical expert in IAM software and systems, and information security principles.

Fully competent to provide leadership and direction to other staff members and possess in-depth knowledge of legislation and regulation and to ensure compliance.

Demonstrates the ability to deal with pressure to meet deadlines, to be accurate, and to handle constantly changing situations.

Demonstrates the ability to deal with a variety of people, deal with stressful situations, and handle conflict.

Professional Requirements:

Adheres to dress code.

Completes annual educational requirements.

Maintains regulatory requirements.

Wears identification while on duty.

Maintains confidentiality at all times.

Attends department staff meetings as required within the department.

Reports to work on time and as scheduled; completes work in designated time.

Represents the organization in a positive and professional manner.

Actively participates in performance improvement and continuous quality improvement (CQI) activities.

Coordinates efforts in meeting regulatory compliance, federal, state and local regulations and standards

Communicates and complies with the Benefis Health System Mission, Vision and Values as well as the focus statement of the department.

Complies with Benefis Health System Organization Policies and Procedures.

Complies with Health and Safety Standards and Guidelines.

Education/Experience Requirements:

BA/BS degree in a technology field or suitable work experience in a security/IAM role.

At least five years of enterprise information technology experience.

At least three years of information security or IAM experience.

Relevant certification (such as the International Information Systems Security Certification Consortium, which offers the Certified Information Systems Security Professional (CISSP/HCISPP) qualification) preferred or willing to achieve certification within the first year.

Considerable knowledge of computer networking concepts and protocols, and network security methodologies; internal tactics to anticipate and mitigate cyber security threat capabilities and actions; risk management processes (e.g., methods for assessing, documenting, and mitigating risk).

Good knowledge of cyber intelligence/information collection capabilities and conducting cyber incident investigations; assessing cyber security regulatory compliance and policy & procedure writing.