Manager, Identity Access Management

The Manager of Identity and Access Management (IAM) is responsible for assisting in the design, implementation, and support of various IT security technologies and solutions for OU Health, remote clinics, and office buildings. This position will manage data collection, reporting, and trends for critical systems components and services, and will require collaboration with other technical resources in OU Health to assess and take authorized action on anticipated improvements. This position assists in the diagnosis and resolution of platform and identity processes and procedures that requires research and recommendation of process changes to improve security. This position actively participates in strategic planning and 24x7 on-call support with other members of IT staff.

The Manager of IAM is responsible for the planning, building, delivery and support of the IAM program. This role will provide direction and guidance to the development, specifications and communications of the IAM application and architecture, as well as provide in-depth technical consultation to the business units and IT management and assist in developing plans and direction for the integration of information security requirements. They will also act as a liaison to various business units for the advancement of identity lifecycle management and the processes by which identities are created and managed.

This position is responsible for achieving alignment and continuity between enterprise, business and IT strategies, leveraging existing security investments and providing scalable options as business requirements necessitate a need for change, requiring the Manager of IAM to keep abreast of the latest IAM technologies, services, and methodologies, to actively facilitate communication between the business and IT, and to provide coordination to a team of resources assigned to accomplish specific technical tasks.

Essential Responsibilities:

Responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without an accommodation may result in disqualification from the position.

• Provide local leadership, subject matter knowledge, coordination, and communication for projects involving cyber security and information risk, including defining scope and ensuring deliverables are met.
• Ensure alignment and continuity between enterprise, business and IT strategies.
• Manages team of engineers and analysts for the IAM function
• Facilitates the use of technology-based tools or methodologies to review, design and/or implement products and services to provide a strong IAM program that balances access with compliance and confidentiality
• Identifies and evaluates complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement
• Identifies the broader impact of current decisions related to user access, data access and information security
• Envisions business outcomes and facilitates alignment with them
• Aligns IAM processes across the organization, and develops and documents standards for organizational use
• Co-leads an IAM selection process, evaluates existing and emerging technologies and tools in the selection of an IAM service offering for the business units
• Understands business and information technology management processes and demonstrates advanced understanding of business processes, internal control risk management, IT controls and related standards
• Fosters an understanding of the need for and application of the IAM system, and facilitates decision making with the business users
• Builds and nurtures positive working relationships with business units
• Identifies opportunities to improve engagement with the business units
• Provide 24x7 on-call support based on IT staff rotation and carries a phone as warranted, to assist with the most complex troubleshooting, coordination, escalation, and resolution of risk and security-based incidents, equipment failures, etc...
• Assist in strategic contingency planning from a security and risk perspective.
• Provide vendor management, service level definition and service level management for vendors of IAM technologies and/or services.
• Coordinate and participate in regular business meetings and workshops with technical staff to ensure timely transfer of knowledge, which affects security architecture and security policies.
• Participate in meetings, committees and continuing education to improve individual, departmental and organizational performance.
• Aid and train users on proper use of technology.
• Adhere to and support OU Health IT standards, policies and procedures.
• Maintain and protect confidentiality with regard to all aspects of patient care and employee information.
• Adheres to Code of Conduct and Mission & Value Statement.

General Responsibilities:

• Performs other duties as assigned

Minimum Qualifications:

Education

Bachelor's degree in a computer science or information technology related subject required.

Experience

5 years of IT experience, with three years in an information security role and 3 to 5 years of progressive leadership experience required

License(s)/Certification(s)/Registration(s) Required

CISSP, GSEC, CISM, or similar security certification required or ability to obtain within 6 months from hire date.

Knowledge, Skills and Abilities

Strong technical competencies in the following:

• Familiarity with reporting, ticketing, and workflows
• Familiarity with technologies, software, and vendors such as Sailpoint, Imprivata, Thycotic, CyberArk, AAD Connect, Duo, OAuth, Active Directory, LDAP, federated identity management, SAML
• Identity management familiarity in one or more of the following areas: single sign-on (SSO), multifactor authentication, privileged access management, data management, identity federation, enterprise directory architecture and design, including directory schema, directory services, resource provisioning, ITIL, and process integration. Identity and access governance includes role-based access control, access request and certification, user life cycle management processes, and organizational change management.
• Expert understanding of IAM concepts, including federation, authentication, authorization, access controls, access control attacks, identity and access provisioning life cycle, and zero trust principles.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
• Able to work with program management and procurement to ensure financial and delivery commitments are maintained
• Can manage projects and execute on those objectives under tight deadlines
• Must have some experience in deploying technically complex infrastructure computing solutions across platforms and components.
• Ability to communicate highly technical information in a manner that non-technical people can understand
• Must have security regulation and security framework knowledge. Examples include, HIPAA, HITECH, HITRUST, NIST, ISO, and COBIT.
• Must be able to demonstrate knowledge of the following topics: firewall management, content filtering, IDS/IPS management, DLP, Identity management, and cloud security management, vulnerability management
• Ability to work with IT technical resources and understand their requirements
• Leadership skills to establish and maintain business relations with technical resources, customers, business partners, vendors, and other IT personnel
• Change Management - High tolerance for Change
• Political Judgment - Involves all relevant stakeholders in major decisions; Strong facilitation skills; Utilizes approaches that foster ownership and minimize resistance
• Hands-on Approach - Acts as a role model for other technical resources; maintains subject matter depth and breadth; knowledgeable of current issues
• Makes decisions which are in the best interests of the business without succumbing to pressures
• Is available and accessible; Maintains a positive attitude
• Organization - Proactively prioritizes needs; Effectively manages resources
• Communication - Communicates complicated technical scenarios in common terms; Communicates clearly across a wide audience (oral and written communications)
• Customer Orientation - Establishes and maintains long-term customer relationships, builds trusts and is respected by consistently meeting or exceeding expectations
• Motivate and challenge technical resources