Information Security Architect
Mass General Brigham

Job Info

---

About Us:

As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women's Hospital and Massachusetts General Hospital, Mass General Brigham supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities. Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research.

We're focused on a people-first culture for our system's patients and our professional family. That's why we provide our employees with more ways to achieve their potential. Mass General Brigham is committed to aligning our employees' personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development-and we recognize success at every step.

Our employees use the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.

General Summary:

Reporting directly to the Director of Identity and Access Management, Mass General Brigham Digital is seeking a highly skilled and experienced IAM (Identity and Access Management) Architect to join our team. The IAM Architect will be responsible for designing, implementing secure, scalable, and robust IAM solutions for our organization. our identity and access management strategies and systems. The ideal candidate possesses a deep understanding of IAM concepts, industry best practices, and possesses excellent analytical and problem-solving skills.

Principal Duties and Responsibilities:

• Design and develop IAM strategies: Collaborate with stakeholders to understand business requirements, define IAM strategies, and develop comprehensive IAM architectures and solutions.
• IAM system implementation: Lead the implementation and deployment of IAM systems, including identity provisioning, authentication, authorization, single sign-on, and role-based access control (RBAC).
• Security and compliance: Ensure that IAM systems adhere to industry standards, security best practices, and regulatory requirements. Perform regular audits, vulnerability assessments, and risk analysis to identify and mitigate potential security threats.
• Identity lifecycle management: Define and implement processes for the entire identity lifecycle, including onboarding, provisioning, entitlements, role management, access reviews, and offboarding.
• Identity governance: Establish and enforce identity governance policies and procedures to ensure the appropriate use and protection of enterprise resources.
• Privileged Access Management: Establish and enforce polices and procedures to manage and protect highly privileged access to the MGB environment
• Integration and interoperability: Collaborate with cross-functional teams to integrate IAM systems with other enterprise applications, directories, and databases, ensuring seamless interoperability.
• IAM system enhancements and maintenance: Stay updated with the latest IAM technologies, industry trends, and emerging threats. Continuously enhance and optimize existing IAM systems and processes to meet changing business needs.
• Documentation and reporting: Prepare comprehensive technical documentation, including architecture diagrams, system configurations, and operational procedures. Generate reports on IAM system performance, compliance status, and security incidents.
• Team collaboration and leadership: Collaborate with other IT teams, stakeholders, and vendors to deliver effective IAM solutions. Provide technical guidance and mentorship to junior team members.
• Other related duties as assigned

Qualifications

• Bachelor's or Master's degree in computer science, information technology, or a related field.
• 7+ years of proven experience working as an IAM Architect or in a similar role, designing and implementing enterprise-level IAM solutions.
• Strong knowledge of IAM concepts, protocols, and technologies, including but not limited to identity provisioning, authentication, authorization, RBAC, SSO, and federation.
• In-depth understanding of industry frameworks and standards such as OAuth, SAML, OpenID Connect, and LDAP.
• Proficiency in IAM tools and platforms, such as Saviynt, Sailpoint, Azure Active Directory, Entra, CyberArk or similar solutions.
• Extensive experience with IAM integration, including directory services, HR systems (Workday, Peoplesoft) and cloud-based applications.
• Familiarity with cybersecurity principles and best practices, including risk management, access controls, and secure coding.
• Strong analytical and problem-solving skills, with the ability to assess complex business requirements and translate them into practical IAM solutions.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders at various organizational levels.
• Relevant certifications such as CISSP, CISM, or vendor-specific IAM certifications are highly desirable.

Skills/Abilities/Competencies:

Extensive technical knowledge and experience in the domains of application security, and network administration and maintenance, including:
Protocol and technical standards including encryption, TCP/IP, SSL, S/MIME, Radius, IPSEC and PKI technology
Creating actionable secure design patterns in support of technical standards
Operating system (Windows, Mac OS, Unix) security and hardening
Database security
Endpoint security, including encryption technologies, NAC, and related technologies
Cloud-based technologies and design patterns including Azure, AWS, and Google
Cloud Access Security Broker toolsets
Authentication solutions and standards including Active Directory, SAML, OAuth, Kerberos, IWA
All aspects of IAM\IGA including identity lifecycle management, role-based access, directory services, application provisioning, access certification
Privileged Access Management including best practices and solutions for on premises and cloud-based privilege
Service Oriented Architecture concepts such as micro-service design and implementation patterns
Exposure to Clinical and EMR systems such as EPIC
Knowledge of industry standards such as: ISO27000, NIST SP 800-53, OWASP, and other standards.
Strong project management skills.
Ability to compile, analyze, and summarize data for communication.
Strong interpersonal and communications skills.
Demonstrated ability to handle heavy multi-tasking.
Clear ability to complete work with minimal oversight

EEO Statement
Mass General Brigham is an Equal Opportunity Employer. By embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

---