IAM Engineer

Title - IAM Engineer

REMOTE (EST AND CST only)

EAD

Healthcare or highly regulated industry experience

Strong background in regulated environments including HIPAA and SOX

PLEASE SHARE YOUR TOP CANDIATE ONLY - I CAN ONLY SEND VERY LIMITED PROFILES**

QualificationsBasic Qualifications

• 10+ years of IAM experience with principal or executive-level ownership
• Deep hands-on expertise in Active Directory, Entra ID, and Google Cloud Platform IAM
• Experience running IAM as a program with accountability for outcomes
• Experience managing Privileged Access Management at scale
• Strong background in regulated environments including HIPAA and SOX

• Proven autonomy and success building identity platforms from zero
• Experience with Google Cloud Platform Config Connector (KCC) IAM resources
• Familiarity with Wiz IAM and Security Command Center findings
• Experience with CyberArk, HashiCorp Vault, or similar PAM platforms
• CISSP, CISM, or Google Cloud Platform Security Engineer certification
• Healthcare or highly regulated industry experience

Education
Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent experience. Advanced security or cloud certifications are strongly preferred.

Principal Identity & Access Management (IAM)Who Are You
You are a principal-level identity and security authority with deep technical credibility and executive-level ownership of enterprise IAM programs. You operate at the intersection of strategy, architecture, governance, and operations, and you are accountable for organizational outcomes, not just system design.

You excel in greenfield and ambiguous environments, where you are expected to build IAM capabilities from zero, serve as the initial subject matter expert, and mature identity services into a scalable, audited, and reliable enterprise program. You are flexible in managing changing requirements. You bring authoritative experience across Active Directory (cloud and on-prem), Entra ID, Google Cloud Platform IAM, and Privileged Access, and you lead through technical influence, clarity, and uncompromising standards rather than people management.

You are a leader in IAM as a business-critical platform, not a support function. 
Role Responsibilities

Development & Enforcement

• Own and execute the enterprise IAM strategy across the PCW & H100 Google Cloud Platform landing zone and hybrid identity environment
• Lead the design and enforcement of cloud-first Entra ID, with stewardship of on-prem Active Directory, including AD ↔ Entra ↔ Google Cloud Platform federation
• Own and enforce the IAM tiering model (ADR-016), including group-based access, time-bound PAM entitlements, and elimination of persistent admin bindings
• Provide principal-level ownership of Active Directory security hardening, compliance controls, and forest-level governance
• Own Privileged Access Management (PAM) strategy for all elevated human and service identities

Collaboration & Expertise

• Serve as the enterprise IAM authority and escalation point across Security, Infrastructure, GRC, and Application teams
• Lead cross-organizational governance for identity controls, access approvals, and risk decisions
• Partner with audit, compliance, and legal teams to meet HIPAA and SOX obligations
• Act as a trusted advisor to senior leadership on identity-related risk, architecture, and operational readiness

Analysis & Configuration

• Provide architectural oversight of Active Directory OU design, Group Policy strategy, and permission hierarchies
• Ensure permissions prevent privilege creep and unintended inheritance
• Direct analysis of identity logs for incidents, audits, and compliance reporting
• Own IAM access reviews and remediation of over-privileged and unused identities
• Govern IAM design for VPC Service Controls and emergency access patterns with dual control approval

Operational Support

• Own IAM KPIs, reporting, SOPs, runbooks, training materials, executive dashboards, and audit responses
• Be accountable for IAM service reliability, including on-call availability
• Own Active Directory disaster recovery, forest recovery, and business continuity planning
• Ensure execution of emergency terminations and high-risk access revocations
• Provide principal-level oversight of IAM incident management and SLA performance

Mentorship & Training

• Provide technical mentorship to senior engineers and architects
• Establish IAM standards, reference architectures, and best practices
• Drive adoption of IAM knowledge through documentation and training
• Team Lead of other contingent workers across multiple agencies

Innovation and Research

• Own the identity provisioning service model and lifecycle workflows
• Sponsor IAM automation for provisioning, certification, and compliance reporting
• Evaluate and integrate new IAM, PAM, and access governance technologies

Strategic Planning

• Run IAM as a formal enterprise program with roadmap and maturity targets
• Demonstrate multi-year strategic planning balancing security, usability, and compliance
• Operate autonomously in ambiguous environments, transitioning capabilities to steady-state teams