Director of Identity & Access Management (IAM)-11071

NOR Healthcare Systems

Culver City, CA

JOB DETAILS
JOB TYPE
Full-time
SKILLS
Access Control, Alliance/Partner Marketing, Automation, Business Solutions, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cerner, Clinical Information Systems, Computer Science, Computer Security, Cross-Functional, Detail Oriented, Electronic Medical Records, HIPAA (Health Insurance Portability and Accountability Act), Health Informatics, Health Information Technology, Healthcare, Hospital, IAM - Information Assurance Management, Identity Data Management, Information Technology & Information Systems, Internal Audit, Internet Security, Leadership, Legal, MEDITECH, Maintain Compliance, Medical Record System, Mentoring, Microsoft Active Directory, Microsoft Windows Azure, Organizational Skills, Performance Analysis, Performance Metrics, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Sarbanes-Oxley Act (SOX), Service Level Agreement (SLA), Single Sign-On (SSO), Standard Operating Procedures (SOP), Time Management, Vendor/Supplier Management
LOCATION
Culver City, CA
POSTED
26 days ago

Position Summary

The Director of Identity & Access Management (IAM) is responsible for the strategic leadership, governance, and operational oversight of identity and access services across NOR and its supported entities, including hospitals, business units, and affiliated organizations.

This role ensures appropriate, secure, and timely access to systems and data for workforce members, clinicians, contractors, vendors, and partners while maintaining compliance with healthcare regulations, internal policies, and audit requirements. The Director serves as the primary authority for identity lifecycle management, access governance, and privileged access controls across the enterprise.

Key Responsibilities

Strategy & Leadership

  • Define and maintain NOR's enterprise IAM strategy, roadmap, and long-term vision aligned with business and security objectives
  • Lead and mentor IAM managers, engineers, analysts, and offshore/onshore support teams
  • Serve as the escalation point for identity-related risks, incidents, and access failures
  • Partner closely with IT Security, Compliance, HR, Clinical Informatics, and Legal teams

Governance & Compliance

  • Establish and enforce IAM governance frameworks, policies, and standard operating procedures (SOPs)
  • Create, maintain, and regularly review IAM SOPs to ensure consistent, compliant access management practices
  • Ensure compliance with HIPAA, HITECH, SOX, and other regulatory requirements
  • Lead access reviews, user attestations, and audit responses
  • Maintain segregation of duties (SoD) and privileged access governance controls

Identity Lifecycle Management

  • Oversee end-to-end identity lifecycle processes:
    • Joiner / Mover / Leaver (JML)
    • Employee, contractor, vendor, and third-party access
  • Ensure timely provisioning and deprovisioning across clinical and business systems
  • Reduce access risk through automation and standardized workflows

Access & Privileged Identity Management

  • Lead implementation and optimization of:
    • Role-based access control (RBAC)
    • Attribute-based access control (ABAC) where applicable
    • Privileged Access Management (PAM)
  • Ensure secure access to high-risk systems such as EHR/EMR, financial, and infrastructure platforms

Technology & Architecture

  • Own IAM platforms and integrations (examples):
    • Active Directory / Azure AD / Entra ID
    • SSO, MFA, Federation (SAML, OAuth, OpenID)
    • IGA tools (e.g., SailPoint, Saviynt, etc.)
  • Monitor service performance, SLAs, and key risk indicators
  • Evaluate and implement IAM solutions aligned with NOR standards
  • Ensure IAM processes and workflows are documented through clear, audit-ready SOPs

Incident & Risk Management

  • Participate in identity-related incident root cause analysis
  • Remediate identified access risks per Security team's direction
  • Monitor IAM KPIs and risk indicators

Vendor & Stakeholder Management

  • Manage IAM vendors, contracts, and SLAs
  • Coordinate with third-party partners and affiliates on secure access
  • Communicate IAM initiatives and risks clearly to executive leadership

Required Qualifications

Education

  • Bachelor's degree in information technology, Computer Science, Cybersecurity, or related field
  • Master's degree preferred but not required

Experience

  • 8–12+ years of progressive IT experience
  • 5+ years in IAM leadership or senior IAM architecture roles
  • Strong experience in healthcare, regulated industries, or large enterprises
  • Proven experience supporting audits and regulatory compliance

Technical Skills

  • Deep knowledge of IAM concepts and frameworks
  • Hands-on understanding of:
    • Active Directory / Azure AD
    • SSO, MFA, Federation
    • Role and entitlement management
    • Privileged access controls
  • Familiarity with EHR/EMR access models (Allscripts, Cerner, Meditech, etc. a plus)

Preferred Qualifications

  • Healthcare IT experience in hospital or multi-entity environments
  • Familiarity with EHR/EMR access models
  • Security or IAM certifications (CISSP, CISM, IAM-related)

Soft Skills & Competencies

  • Strong leadership and cross-functional collaboration
  • Ability to translate access risk into operational and compliance impact
  • Process-driven, detail-oriented, and highly organized
  • Calm, decisive decision-making during audits and incidents

 

About the Company

N

NOR Healthcare Systems