Director Information Security Identity Access Management and Engineering

The Director, Identity Access Management and Engineering provides strategic and operational leadership for enterprise-wide Identity and Access Management (IAM), with a strong focus on Identity Access, Engineering, Administration and Privileged Access Management. This role leads the IAM function to protect Ardent Health Services by mitigating identity-related risks, ensuring regulatory and contractual compliance, and aligning identity strategies with current and future business objectives, including acquisitions. Through collaboration with IT and business stakeholders, the Director oversees the design, implementation, governance, and reporting of identity and access controls, ensuring a proactive, risk-based posture across the organization.

• →Provide strategic IAM leadership, presenting architecture, plans, and designs to IT and business leaders
• →Drive continuous improvement of IAM, Engineering, and PAM capabilities aligned to business growth and evolving threats
• →Lead integration of IAM solutions into enterprise directory services and multi‑platform environments
• →Serve as an internal information security leader, balancing risk management with operational needs
• →Ensure identity data integrity, authoritative source alignment, and automated Joiner/Mover/Leaver lifecycle management
• →Contribute to strengthening identity Access and Engineering through access reviews, certifications, policy enforcement, and minimum access standards
• →Expand and oversee Privileged Access Management capabilities, including vaulting, session monitoring, and just‑in‑time access
• →Define, measure, and report IAM KPIs, risk metrics, and operational effectiveness
• →Evaluate, select, and implement security technologies and controls that meet standards without hindering business continuity
• →Develop and maintain IAM security architecture, integration schemas, testing scenarios, policies, procedures, and auditability standards
• →Manage IAM budgets, vendors, resources, disaster recovery planning, and build, mentor, and scale IAM teams across engineering, operations, and governance

Job Requirements:

• Bachelor’s degree
• 6+ years of progressive Information Security experience.
• 3+ years of management experience leading information security.
• Identity Access Management and Governance experience
• Security certification (CISSP, CISSP w/specialization HCISPP, GIAC, CISA, etc.)
• Working knowledge of Industry security standards (e.g., NIST), with healthcare industry standards such as CMS, JCAHO, etc.
• Ability and willingness to travel on an as‑needed basis
• Availability to participate in a 24x7 on‑call or escalation rotation to address identity, access, and governance‑related security incidents

Preferred Job Requirements:

• Experience designing and implementing security and IAM architectures in complex enterprise environments
• Working knowledge of healthcare and enterprise platforms such as Epic EHR, Workday ERP, Lawson ERP, and Microsoft Active Directory
• Hands‑on experience with IAM technologies and tools (e.g., Imprivata, SailPoint, Microsoft Identity Manager or similar)
• Strong understanding of information security regulations, frameworks, and assurance programs (e.g., HIPAA, SOX, PCI DSS, GLBA, HITRUST, NIST)
• Familiarity with federal and state security and privacy laws, particularly within the healthcare industry
• Knowledge of IT service management practices (ITIL), including incident, request, and change management
• Experience with risk assessment, compliance programs, and enterprise security policies, standards, and awareness initiatives
• Exposure to securing large, multi‑platform, distributed environments, including WAN and e‑business/e‑commerce system

#LI-BB1