Cybersecurity IAM Architect

Banner Health

Hybrid
Full Time
$190,000

Job Overview

Job Title: Cybersecurity IAM Architect
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $190,000
Location: Hybrid

Job Description

Cybersecurity IAM Architect at Banner Health

Health care is constantly changing, and at Banner Health, we are at the front of that change. We are leading health care to make the experience the best it can be. We want to change the lives of those in our care – and the people who choose to take on this challenge. If changing health care for the better sounds like something you want to be part of, we want to hear from you.

About the IAM Team

The Identity and Access Management (IAM) team is responsible for Identity Management for the enterprise, to include day-to-day IAM operations to manage and action user access provisioning requests, privileged access management, single sign-on, vendor remote access, Entra ID and AWS identity security governance, conditional access policies, identity governance, user access reviews, role-based access controls, multi-factor authentication, IAM architecture design and implementation, customer satisfaction over the user access experience, collaborating with clinical and business teams and leadership, and making sure all identities are secured and limited to only the access necessary to perform required job functions. The team is critical to reduce excessive access, unauthorized access, and insider threat risk to Banner.

Role Overview

Banner Health is looking for a Cybersecurity IAM Architect to lead the enterprise Cybersecurity IAM strategy, ecosystem, and architecture for Banner Health day to day. The incumbent develops architectural artifacts, models, and patterns in accordance with industry standard architecture frameworks such as SABSA, TOGAF, etc., and leads the standards for identities and access, in compliance with legal, regulatory, and Banner Health requirements. This includes the definition of processes to manage the lifecycle of users' accounts and identity in the IT landscape. This position has responsibility for IAM product rationalization and design, including cloud identity, non-employee identity, consumer identity, non-human identity, Azure Active Directory, AWS Identity & Access Management, Privileged Access Management, Multi-Factor Authentication, Single Sign-On, Zero Trust, among other Banner IAM capabilities, initiatives, and strategies. Acting as a contributing member of the IAM team and center of excellence in architecture, this role will develop identity-focused roadmaps and strategy documentation, coordinate and work with other teams to support the IAM program and strategic vision, and coordinate with stakeholders including but not limited to Enterprise Architecture, Solutions Architecture, Cybersecurity Architecture, Infrastructure, Applications, and Business teams. This position designs solutions to resolve complex and highly complex technical and business issues related to Identity Governance and Administration (IGA). This role helps to develop and drive IAM projects, strategic initiatives, budget, and goals, as well as establishing strong cross-functional relationships and partnerships with the groups mentioned above. This position is instrumental in leading Banner IAM strategy into the future to stay aligned with emerging trends while effectively serving our user base and supporting our mission of patient care. This is a remote position on a remote team.
In this role you would work Monday through Friday normal business hours 8am - 5pm AZ time zone and can be a remote position if you live in the following states only: AL, AK, AR, AZ, CA, CO, FL, GA, IA, ID, IN, KS, KY, LA, MD, MI, MN, MO, MS, NC, ND, NE, NH, NM, NV, NY, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI, WV & WY.

Core Functions

  • Analyzes the business and IT environment, including Azure, Google Cloud platforms and on-premises, to detect critical deficiencies from an IAM risk perspective, recommend solutions for improvement, and implement solutions accordingly.
  • Perform IAM architecture validation against IT and Cybersecurity Policies and Standards, applicable regulations (HIPAA, PCI, GDPR, etc.).
  • Participates in threat modelling exercises and architecture design assessments for identity-related systems.
  • Creates and enforces IT technical standards, and IAM policies, standards, guidelines, best practices, and requirements.
  • Develop, maintain, improve, and enforce architectural templates, processes, and documentation.
  • In collaboration with stakeholders, develops and maintains IGA current and future states, technical requirements, aligning them with business objectives.
  • Design IAM solutions implementations in a rationalized, requirements aligned and systematic manner. Solution designs support Banner’s Zero Trust strategy and architecture.
  • Incorporates IAM governance concepts in all architectural designs to include consideration of segregation of duties, provisioning and de-provisioning consistency and governance, user lifecycle workflows, authentication and authorization, master data authorities, federation, security controls, logging and monitoring, privileged access management, automation for better consistency and security governance, zero-trust concepts, and other considerations to keep IAM functions and solutions accounted for and secured.
  • Be a trusted advisor by creating solution building blocks and reference architectures and providing guidance and useful designs to cybersecurity engineers.
  • Acts as advisor and mentor to others and maintains in-depth knowledge of business strategies, initiatives, and goals as well as industry trends, regulatory requirements, and cybersecurity threats.
  • Advises managers and engineering teams making investments in technologies or processes as a result of solution design, architecture development, cybersecurity risk assessments, identity architectural designs, and IGA risks.
  • Be a thought leader and evaluate emerging/innovative IAM technologies for potential risks and opportunity for Banner and validate architectures for technical soundness in a lab environment.
  • Develops and fosters relationships with business stakeholders and information technology management. Excellent communicator.

Minimum Qualifications

  • Bachelor's degree in business, information security and/or computer science.
  • Ten plus years’ experience in a healthcare environment or equivalent combination of relevant education, technical, business and healthcare experience.
  • At least one year experience in cybersecurity architecture at the enterprise-scale, preferably in healthcare.
  • Expertise in IAM concepts including identification, authentication, authorization, access control, identity federation, and digital identity lifecycle management.
  • Deep knowledge of information technology and Cybersecurity principles and practices.
  • Experience with the acquisition process, including vendor selection, defining requirements, and contractual documentation development.
  • Requires independent judgment, critical decision making, excellent analytical, verbal, and written communication skills.
  • Ability to think quickly under difficult or complex conditions and clearly communicate to appropriate staff.
  • Ability to balance project workloads with customer support.
  • Exceptional communication and presentation skills, with ability to build relationships and influence others.
  • Ability to communicate and interact across facilities and at various levels.
  • Skills to mentor less experienced team members.
  • Availability for variable shifts and hours, and responding to after-hours notifications as required.

Preferred Qualifications

  • Bachelor’s Degree in Computer Science, Information Security, Information Systems, Engineering, or a related field; or commensurate, proven experience.
  • Ten (10) or more years of experience in IT and Cybersecurity focused on IAM architecture.
  • Experience in architecture principles and design, systems thinking, business requirements engineering, enterprise architecture, solutions architecture, cybersecurity architecture, IT operations, automation of security processes, coding and scripting languages.
  • Ability to document security processes as well as use case development.
  • Experience with assessing IAM products, defining requirements, designing, mapping architecture diagrams, and setting the roadmap for IAM solutions.
  • Experienced in planning, designing, and implementing cybersecurity solutions, operating, maintaining, and managing the lifecycle of consumer identity solutions in a regulated environment (e.g., HIPAA).
  • Experience with Azure Active Directory, Azure AD B2C, Okta, SailPoint, CyberArk, and/or other similar significant IAM tool experience required.
  • Experience with IAM related protocols such as SAML, SCIM, SPML, XACML, Blockchain, TACACS, OpenID, OAuth, LDAP, etc.

Preferred Certifications

  • Certified Identity and Access Manager (CIAM)
  • Microsoft Certified Azure Security Engineer Associate
  • Certified Cloud Security Professional (CCSP)
  • Google - Professional Cloud Architect (GPCA)
  • SABSA Chartered Security Architect – Foundation (SCF), Professional or Master
  • Certified Information Systems Security Professional (CISSP)
  • Information Systems Security Architecture Professional (ISSAP)
  • HealthCare Information Security & Privacy Practitioner (HCISPP)

Key skills/competency

  • IAM Architecture
  • Cybersecurity Strategy
  • Identity Governance
  • Azure Active Directory
  • AWS IAM
  • Privileged Access Management (PAM)
  • Multi-Factor Authentication (MFA)
  • Single Sign-On (SSO)
  • Zero Trust Principles
  • SABSA/TOGAF Frameworks

Tags: Cybersecurity Architect, IAM, Security, Architecture, Strategy, Governance, Design, Cloud Security, Compliance, Zero Trust, Risk Management, Azure AD, AWS IAM, SailPoint, CyberArk, Okta, PAM, MFA, SSO, SAML, OAuth

How to Get Hired at Banner Health

  • Research Banner Health's Culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor Your Resume: Highlight extensive experience in enterprise-scale IAM architecture and healthcare cybersecurity.
  • Showcase IAM Expertise: Emphasize proficiency in Azure AD, PAM, MFA, SSO, IGA, and relevant protocols.
  • Prepare for Technical Depth: Be ready to discuss SABSA, TOGAF, Zero Trust, and cloud identity governance in detail.
  • Demonstrate Communication Skills: Illustrate experience collaborating with diverse stakeholders and mentoring team members effectively.
