Senior Director – Identity & Access Management

Sentara - Digital CWS
Albemarle, NC

Role Description:

The Senior Director – Identity & Access Management will be the senior leader and architect of a unified identity ecosystem for Sentara Health. You will lead a "Total Identity" strategy that bridges the clinical, corporate, and consumer realms, and own the "Digital Front Door," ensuring patients have a single secure login that works across the Sentara ecosystem.

Unique to this role is ownership of the Epic Security Team and the governance of Non-Human Identities (NHI). You will optimize a multi-million-dollar identity stack, including Entra, Ping, ForgeRock, Saviynt, and CyberArk/BeyondTrust, to deliver secure, frictionless care.

Key Responsibilities:

Strategic Leadership & Vision

· Unified Strategy: Define and execute a multi-year roadmap for “Total Identity” across Enterprise and Consumer identity, aligning with broader cyber security and digital transformation goals.

· Executive Alignment: Serve as the primary advocate for identity at the executive level, managing budgets, vendor relationships, and large-scale change management initiatives.

· Product Ownership: Treat identity as a product, ensuring high availability, scalability, and superior user experience for “Total Identity”.

Enterprise IAM (Workforce & Partners)

· Lead the lifecycle management (Joiner/Mover/Leaver) for employees, vendors, and partners.

· Oversee SSO, MFA, and Privileged Access Management (PAM) to enforce Zero Trust and Least Privilege principles.

· Ensure seamless integration of identity services across the internal application landscape.

Consumer IAM (CIAM)

· Own the customer journey for registration, login, and profile management, prioritizing a low-friction "security-first" user experience.

· Drive the implementation of social logins, self-service recovery, and personalization features.

· Collaborate with Marketing and Product teams to ensure identity data enhances customer insights while maintaining trust.

Identity Platform & Engineering

· Direct the development of the core tech stack, including APIs, microservices, and identity data lakes.

· Ensure the reliability and performance of identity products (e.g., Saviynt, Ping/ForgeRock, CyberArk/BeyondTrust).

· Standardize identity patterns across the organization to enable developer self-service.

Epic Security Development/Administration

· Lead the Epic Security Development/Administration team, overseeing the design of security records (EMP), provider records (SER), and sub-templates.

· Clinical Alignment: Partner with CMIO, Clinical Operations, and IT to ensure Epic security profiles (Hyperdrive/Canto/Haiku) enable "tap-and-go" provider workflows without compromising HIPAA standards.

· Security Matrix Governance: Maintain the enterprise Epic Security Matrix, ensuring clinical role-based access (RBAC) is synchronized with enterprise governance (IGA) systems.

Governance & Compliance

· IGA: Establish robust Identity Governance and Administration (IGA) for automated access reviews and role-based access control (RBAC).

· Privacy: Ensure strict adherence to applicable privacy regulations, specifically regarding consent management and data residency.

· SecOps Integration: Partner with the Cyber Threat Operations Center (CTOC) to monitor identity-based threats, credential stuffing, and account takeovers.

Non-Human Identity (NHI) & Machine Governance

· Machine Inventory: Establish a comprehensive inventory and ownership model for all non-human identities, including service accounts, API keys, RPA bots, and secrets.

· Secrets Management: Direct the lifecycle—discovery, vaulting, and automated rotation—of credentials used by applications and automated workflows to prevent static "shadow credentials".

· IoMT Security: Extend IAM principles to the Internet of Medical Things (IoMT). Ensure medical devices (infusion pumps, monitors) are authenticated via unique machine identities before accessing clinical networks.

· Workload Identities: Oversee Entra Workload ID or similar tools to secure machine-to-machine (M2M) communications across cloud-native and legacy hospital systems.

Qualifications:

· Bachelor's or Master's degree in Computer Science, Information Security, or a related field.

· Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certifications preferred.

· Extensive experience (15+ years) in technology and cyber security, including 5+ years in a senior leadership role; experience at a healthcare IDN or health plan preferred.

· Proven leadership experience managing teams and driving cross-functional collaboration.

· Strong understanding of regulatory requirements, industry standards, and best practices related to cyber security.

· Deep understanding of identity protocols (SAML, OIDC, OAuth 2.0, FIDO2) and experience managing both cloud-native and hybrid identity environments.

· Excellent communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.

· Strategic thinker with the ability to translate business needs into effective security solutions.

· Demonstrated ability to thrive in a fast-paced, dynamic environment and adapt to evolving threats and challenges.

· Strong leadership and management skills, with the ability to build and lead high-performing security teams.

· Excellent communication and interpersonal skills, with the ability to effectively interact with stakeholders at all levels of the organization.

· Proven track record of driving security initiatives and achieving measurable results.

· Ability to work effectively in a fast-paced and dynamic environment, with a strong sense of urgency and attention to detail.

· Agile, Lean, or Six Sigma experience.
