Key Responsibilities:
The IGA lead position requires technical knowledge and experience in implementing and supporting enterprise Identity Access Management platforms and systems. The lead is responsible for the development and design of IGA system architecture, integrations and frameworks in an automated, measurable, and repeatable manner that aligns tightly with business needs.
Responsibilities:
• Strong understanding of Identity & Access Management (IAM) User Lifecycle Processes including User Activity Monitoring, Access Re-Certification, SOD, Reporting, IAM Standards and Policies
• Ability to lead or manage IGA engineering projects and team.
• Hands-on experience designing, implementing, and deploying IAM/IGA solutions in an enterprise environment (e.g., Saviynt (preferred), SailPoint, Okta, etc.)
• Ability to on-board third party and cloud applications utilizing various federation protocols within the IGA platform, as well as outside of the IGA platform.
• Ability to drive identity management strategically across the enterprise as a critical security pillar aligning where possible with IAM standard practices.
• Evaluate an application’s user-base with the business and determine if the application is a candidate for Role-Based Access Controls.
• Identify data and process improvement ideas; contribute to the transformation of the Identity Access Governance function.
• Consistently demonstrate a professional demeanour and communication skills with business partners and team members.
• Support day-to-day security controls including but not limited to creating access and control, monitoring, security awareness relating to BCBSMA mainframe, Active Directory, desktop computers, and remote access
• Maintain security governance and policies for business, groups, products & security access types ensuring audit review approval.
• Ability to implement and customize IAM workflows, forms, rules, provisioning, and certifications.
Minimum Requirements/Qualifications:
• Bachelor's degree in Information Technology or related field.
• 8+ years in Information Technology.
• 8+ years of experience in implementing IAM products (e.g., Saviynt, SailPoint, Okta, etc.).
• 2+ years of leading IGA engineering projects and team.
• Experience in access control concepts, including access administration, directory services, SAML, LDAP, or PKI.
• Understanding of IAM standards like RBAC, SCIM, SAML, OAuth, OpenID Connect.
• Programming languages (PowerShell and SQL), computer networking, and OS fundamentals (e.g., Windows/UNIX/Linux).
• Strong communication skills to articulate technically complex issues to non-IAM teams.
• Knowledge of agile development methodologies and DevOps tools for continuous deployments.
Strong pluses:
• Experience with (including technical certifications for):
• Saviynt, SailPoint IIQ or IDN, Oracle Identity Governance, One Identity, RSA or other user identity lifecycle management solution products or role-based access control solutions.
• Azure AD, Okta, or other single sign-on, multi-factor and federation solutions.
• ADSI and ServiceNow integration with IGA platform is a big plus.
• PAM solutions: BeyondTrust, CyberArk, Thycotic, Centrify, HashiCorp, or other privileged account lifecycle management solutions.
• Directory services (e.g., AD) / Virtual Directory services (e.g., Radiant Logic).
• Experience defining or re-engineering IAM related processes, including incident management, change management, and configuration management.
• Experience in Policy Based Access Control (PBAC), SOD, or risk-based access controls.
• Experience presenting to executive level client stakeholders.
• CISSP, CISA or CISM certification.
Equal Opportunity Provider
SecurDI is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation or gender identity, or any other characteristic protected by law.