Security Engineer III - Identity and Access Management

Title: IAM Security Engineer
Location: Skokie, IL
Salary Range: 115000 to 135000
Work Schedule: Remote 90% with some light travel on-site for meetings and go-live, and 1 week rotations of 24/7 support every 8 weeks or so.

Notes from Hiring manager:

- They are looking for somewhat of a technical lead to take charge on their IAM/IGA implementation that is upcoming.
- 3 mergers and they don't have one localized IAM/IGA Solution, so that's what they are looking to do.
- They have been shopping around different tools (SailPoint, Savient, Ping, etc.) but are heavily leaning towards SailPoint.
- If they have experience implementing and configuring one or more of these tools, they could be a great fit.
- Not looking for just a "do-er " or a user, but someone who can lead the implementation and configuration of this tool, then run with it.
- Same remote schedule as the other roles... Remote, with some light travel on-site for meetings and go-live, and 1 week rotations of 24/7 support every 8 weeks or so.

Job Summary:

The IAM Security Engineer III serves as a senior technical resource responsible for designing, implementing, and supporting Identity and Access Management solutions that ensure secure and compliant access to Health systems and data. This role requires deep understanding and expertise in IGA platforms, automation, governance, as well as experience with healthcare-specific applications and compliance frameworks such as HIPAA, HITRUST, and NIST. The IAM Security Engineer will partner with security, compliance, HR, and clinical teams to deliver robust identity lifecycle management, privileges access controls, and authentication/authorization solutions for the Healthcare organization. The IAM Security Engineer III will also design and implement security IAM policies for various devices and systems, oversee security for internal and external systems, and mentor junior staff. Candidates should be proficient in using source code editor tools and programming/scripting languages. Responsibilities extend to participating in compliance audits, managing IAM projects, and ensuring alignment with HIPAA, other applicable laws and regulations and/or standards. This mostly remote role includes a 24/7 on-call rotation and requires strong leadership, project management, and communication skills.

To be successful in this role, you will be expected to stay up to date on the latest IAM solutions and technologies and advocate for the adoption of industry best practices.

What you will do:

• Lead the configuration, integration, and management of IAM solutions across the organization.
• Design and configure role-based access and attribute-based access controls for automation and birthright access.
• Configure and manage access certification campaigns for entitlements, roles, and elevated access for regulatory compliance needs.
• Implement and support privileged access controls using solutions like Delinea or MS Entra PIM for admin accounts, break-glass access, and clinical application elevated privileges.
• Enforce multi-factor authentication (MFA) and just-in-time access for privileged accounts.
• Develop and maintain integrations between IAM platforms and EHR systems, cloud services, and on-prem applications.
• Create scripts, APIs, and workflows to streamline access user lifecycle management.
• Ensure IAM systems meet HIPAA, HITRUST, PCI, DSS, NIST CSF, and other healthcare regulatory requirements.
• Configure and support Single Sign-on (SSO) integrations using SAML, OAuth, or OpenID Connect for internal and third-party applications.
• Participate in security incident response, including rapid access revocation and forensic investigations.
• Serve as a technical mentor for junior IAM engineers and analysts.
• Lead complex IAM projects and act as a subject matter expert for cross-functional initiatives.
• Socializes strategies, standards, policies, procedures, communications, and awareness efforts with business partners.
• Participates in reviews of new or existing systems to ensure IAM requirements are satisfied, prior to implementation, including performing pre-deployment and as-built risk assessments.
• Design policies and standard operational procedures (SOP) as required for IAM, PAM, and access management solutions.

What you will need:

• Education : Bachelor's Degree in Information Security, Computer Science, or other related fields, or equivalent experience.
• Certifications : at least one industry preferred related certification such as CISA, CISM, CISSP, CRISC, CIAM, or IAM platform specific.
• Experience :
• Minimum eight (8) years combined IT/ Cybersecurity experience.
• Minimum five (5) years IAM experience.
• Hand-on experience with IAM tools such as SailPoint, Saviynt, Ping, MS Entra, Duo, Dilenea, or similar.
• Strong scripting skills (e.g., Powershell, Python, Java, JavaScript) and experience with APIs and system integrations.
• Proven experience in healthcare IT environments, with knowledge of clinical workflows and EHR systems.
• Previous experience leading IAM projects and initiatives.
• Unique or Preferred Skills:
• Expertise in HIPAA, HITRUST, and NIST security controls.
• Strong understanding of modern authentication protocols (SAML, OAuth, OpenID Connect, LDAP).
• Knowledge of RBAC/ABAC design and governance in a healthcare setting.
• Familiarity with IAM integrations for EPIC and other cloud-based healthcare applications.
• Excellent communication skills, with the ability to work effectively with technical and non-technical stakeholders.
• Strong analytical and problem-solving skills with attention to detail.
• Ability to work independently with minimal oversight on a broad range of IAM projects and initiatives.
• Deep understanding of IAM security principals and best practices, including principal of least privileges, defense in depth, Zero Trust, and separation of duties.