IT Security Identity and Access Manager
Gainesville, GA Hybrid
Job Summary
Services the organization, patients, and employees by ensuring timely and accurate provisioning utilizing role based access controls and least privilege access principles. Provide leadership and guidance for the Identity and Access team, including all provisioning and system access related processes. Lead the Identity and Access team and provide support and engagement with 1:1s, lead staff meetings, and develop staff. Implement continual process improvement and innovation in processes, policies, and governance enabling the team to provide secure service delivery in a timely and accurate manner. Management, oversight and ownership of the comprehensive identity and access platform in use by the organization. This role is responsible for creating, maintaining, automating and improving standards in account lifecycle management. Assists in the formulation of strategic planning for both short- and long-term activities, and performing all other duties as assigned by the Director of Information Security. Well versed with a deep understanding of Active Directory, permissions, role based access, access provisioning, and access controls. Manage the provisioning of Epic security and work with other applications teams and managers to ensure data confidentiality, integrity, and availability.
Minimum Job Qualifications
- Educational Requirements: Bachelor's Degree in Information System, Information Technology Management or related Field.
- Minimum Experience: 7 years of IT security operations experience. Minimum of three years working in a complex IT Security position.
Preferred Job Qualifications
- Preferred Licensure or other certifications: CISSP or CISM. May hold additional IT security certifications.
- Preferred Experience: Healthcare IT security experience.
Job Specific and Unique Knowledge, Skills and Abilities
- Must be able to follow written technical instructions without assistance.
- Minimum of three years working in a complex IT Security position.
- Well organized and able to communicate effectively with end users as well as ITS staff.
- Must be detail oriented.
- Knowledge of the organization's core business/mission processes.
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of Personal Health Information (PHI) data security standards.
- Knowledge of the organizational planning and staffing process.
Essential Tasks and Responsibilities
- Leadership and direction of the Identity & Access Management (IAM) team responsible for IT Security account provisioning and deprovisioning.
- Manages provisioning teams to reduce backlogs, prioritize workloads and intelligently automate platforms in support of a fast paced, growing healthcare environment.
- Microsoft Active Directory (AD) subject matter expert with a deep understanding of AD principles and best practices eager to optimize and improve legacy configurations.
- Administer accounts, network rights, and access to systems and equipment.
- Operate and maintain highly automated systems for gaining and maintaining access to target systems.
- Apply and utilize authorized cyber capabilities to enable access to targeted networks.
- Assess adequate access controls based on principles of least privilege and need-to-know.
- Ability to work in a fast-paced environment, supporting multiple initiatives simultaneously and prioritizing work to meet and or exceed expectations.
- Understanding Business requirements, processes, and best practice.
- Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Design group policies and access control lists continuously to ensure compatibility with organizational standards, business rules, and needs.
- Familiar with HIPAA Security and other regulatory healthcare requirements and provides input on security policy and protocol to ensure compliance.
- Reviews new systems for appropriate application security access controls and audit functionality.
