Senior Director IT- IAM & Provisioning Operations

City/State:
Yonkers, New York
Grant Funded:
No
Department:
IT - Technology & Cloud Services
Work Shift:
Day
Work Days:
MON-FRI
Scheduled Hours:
8:30 PM-5 AM
Scheduled Daily Hours:
8.5 HOURS
Pay Range:
$160,000.00-$200,000.00

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages.

As Montefiore has built paths to deliver lifesaving health outcomes to underserved communities, we are looking to the future of being a data driven organization and tech-enabled care delivery to create better experiences for patients, providers, and operations teams.

The Senior Director of IAM & Provisioning Operations is responsible for leading and evolving the enterprise identity, access management, and provisioning strategy across a large and complex IT organization. This role oversees the teams, platforms, processes, and controls that govern workforce identity, application access, privileged access, certificate lifecycle management, access reviews, and automated user lifecycle operations. The position ensures that employees, contractors, partners, service accounts, and non-human identities receive the right access at the right time, with strong security, auditability, and operational discipline across the enterprise.

Education

A combination of education, experience, and training should qualify the candidate. A bachelor's degree in Information Technology, Cybersecurity, Computer Science, Business Administration, or a related discipline is preferred; equivalent enterprise leadership experience may be considered in lieu of formal education.

Certification(s)

Preferred certifications include but are not limited to:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Identity and Access Manager (CIAM) or equivalent IAM certification
• SailPoint IdentityIQ / IdentityNow certification or equivalent experience
• CyberArk, BeyondTrust, Delinea, or equivalent Privileged Access Management certification
• Microsoft Certified: Identity and Access Administrator Associate
• Certified Cloud Security Professional (CCSP)
• ITIL Foundation Certification
• Equivalent Experience.

Role and Responsibilities

The Senior Director of IAM & Provisioning Operations provides strategic and operational leadership across all aspects of enterprise identity governance, provisioning, privileged access, and certificate management. The role ensures secure, compliant, reliable, and scalable access operations while enabling the business to move efficiently and reducing access-related risk across the organization.

Key responsibilities

• Lead the IAM & Provisioning Operations organization, overseeing teams responsible for identity governance, access provisioning, privileged access management, certificate lifecycle management, and access operations.
• Own and evolve the enterprise IAM strategy, roadmap, operating model, and governance framework in partnership with Cybersecurity, Enterprise Architecture, Infrastructure, Applications, HR, Cloud teams, Compliance, Internal Audit, and business leadership.
• Oversee SailPoint or equivalent Identity Governance and Administration platforms, including identity aggregation, access request workflows, Automations, code changes, role management, access certifications, policy enforcement, segregation of duties, and lifecycle event processing.
• Direct enterprise provisioning and deprovisioning operations for employees, contractors, vendors, partners, and other workforce populations across on-premises, cloud, SaaS, and legacy application environments.
• Govern joiner, mover, leaver, transfer, rehire, and termination processes to ensure timely, accurate, auditable, and automated access changes aligned to HR source-of-truth data.
• Own the enterprise Multi-Factor Authentication program, including platform governance, registration and adoption monitoring, end-user experience, exception and exclusion management, and phishing-resistant authentication initiatives such as FIDO2 and certificate-based authentication. Lead MFA migration and modernization programs across workforce populations, and ensure MFA controls are aligned with conditional access policy, regulatory requirements, and risk-based authentication standards.
• Lead the Privileged Access Management (PAM) program, including vaulting, credential rotation, privileged session management, just-in-time access, break-glass procedures, service account governance, and privileged access reviews.
• Oversee certificate management and PKI-related operations, including certificate inventory, discovery, issuance, renewal, expiration monitoring, key management, automation, standards, and operational controls to prevent outages.
• Establish standards for role-based access control, attribute-based access control, least privilege, access recertification, privileged access, service accounts, shared accounts, application onboarding, and access exception handling.
• Partner with application, infrastructure, cloud, and security teams to onboard critical applications and platforms into IAM, SailPoint, PAM, SSO, MFA, and access review processes.
• Manage identity integrations with directories and authentication services such as Active Directory, Microsoft Entra ID, LDAP, SSO, MFA, federation, and cloud identity platforms as applicable.
• Ensure IAM operations support regulatory, audit, and compliance requirements, including evidence production, control testing, remediation tracking, policy alignment, and risk reporting.
• Develop and monitor service levels, key risk indicators, key performance indicators, operational dashboards, queue health, provisioning timeliness, access removal timeliness, certification completion, and incident trends.
• Lead major incident response, root cause analysis, problem management, and continuous improvement for IAM, PAM, provisioning, certificate, and access-related service disruptions.
• Drive automation and process improvement to reduce manual provisioning, improve fulfillment accuracy, accelerate onboarding, reduce orphaned access, and improve the overall user experience.
• Own vendor relationships, platform support models, contract input, licensing optimization, and roadmap alignment for IAM, IGA, PAM, certificate management, and related identity technologies.

Candidate Qualifications

• A minimum of 10 years of experience in Identity and Access Management, cybersecurity, infrastructure, application access operations, or IT operations, with at least 5 years in a senior leadership or director-level role.
• Deep experience leading IAM operations in a large, complex, highly regulated, or distributed enterprise environment.
• Proven experience with SailPoint IdentityIQ, SailPoint IdentityNow, or equivalent Identity Governance and Administration platforms.
• Strong experience with Privileged Access Management platforms and operating models, including CyberArk, BeyondTrust, Delinea, or equivalent technologies.
• Experience managing certificate lifecycle operations, PKI processes, certificate discovery, renewal automation, expiration prevention, and operational controls.
• Demonstrated success improving provisioning, deprovisioning, access request, access review, and lifecycle management processes at enterprise scale.
• Strong understanding of directory services, identity sources, HR-driven identity lifecycle, SSO, MFA, federation, conditional access, service accounts, non-human identities, and cloud identity patterns.
• Experience supporting audit, risk, compliance, regulatory reviews, and control remediation activities related to access management and privileged access.
• Ability to lead large, cross-functional teams and influence application owners, infrastructure teams, security teams, business leaders, and executive stakeholders.
• Experience managing vendors, budgets, staffing models, managed service partners, roadmaps, and enterprise technology lifecycle decisions.

Required Skills

• Expertise in enterprise Identity and Access Management, Identity Governance and Administration, access provisioning, Privileged Access Management, and certificate lifecycle operations.
• Strong leadership and people management skills, including team development, mentorship, succession planning, workload management, and strategic planning.
• Deep understanding of security principles including least privilege, zero trust, separation of duties, privileged access controls, access certification, and risk-based access governance.
• Strong operational discipline with experience managing service levels, incident management, problem management, change management, audit findings, control gaps, and continuous improvement initiatives.
• Ability to translate technical IAM risks, operational metrics, and control issues into clear executive-level communications and business decisions.
• Excellent communication, collaboration, negotiation, and stakeholder management skills across technical, security, compliance, HR, legal, finance, and business functions.
• Ability to manage multiple priorities, large programs, complex escalations, and enterprise-wide transformation efforts with urgency and attention to detail.
• Strong analytical skills with the ability to use metrics, dashboards, and data-driven insights to improve IAM performance, reduce risk, and drive accountability.

Additional Responsibilities

• Champion identity modernization, automation, and Zero Trust-aligned access management practices across the enterprise.
• Partner with cybersecurity leadership to align IAM operations with enterprise security architecture, risk tolerance, threat management, and regulatory obligations.
• Develop and maintain IAM documentation, operational runbooks, engineering standards, access models, governance models, procedures, and executive reporting materials.
• Provide regular leadership reporting on outages, access risks, audit issues, certification status, provisioning performance, certificate expiration risk, PAM adoption, and project status.
• Drive improvements in employee onboarding, contractor onboarding, transfers, terminations, emergency access, and access request user experience.
• Partner with HR and business operations to improve identity source data quality, identity lifecycle triggers, organizational hierarchy alignment, and access assignment accuracy.
• Support merger, acquisition, divestiture, application migration, cloud adoption, and major transformation efforts from an identity and access operations perspective.
• Drive cost efficiency, platform rationalization, licensing optimization, operational automation, and managed service effectiveness across IAM and access operations.
• Ensure the IAM organization is prepared for audits, security assessments, disaster recovery events, regulatory reviews, and enterprise resilience exercises.

The Senior Director of IAM & Provisioning Operations plays a critical leadership role in protecting the enterprise, enabling secure access, reducing operational risk, and ensuring identity and access processes are reliable, auditable, scalable, and aligned with business needs across the organization.

#LI-SC1

#SF-DICE-MIT

Montefiore Health System, Inc. is an equal employment opportunity employer. Montefiore Health System, Inc. will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.