Xtensys

Identity and Access Management (IAM) Architect

Xtensys, Northeast Ithaca, New York, United States

Who We Are

We are new but mighty. Xtensys, a recently established managed service provider, delivers cutting-edge technology to health systems, starting in NY and expanding beyond. Owned by two industry leaders focused on innovation in rural and community health, we are rapidly growing with several major initiatives underway. We are seeking an experienced Identity and Access Management (IAM) Architect to join our team of 500 and support our exciting journey. We value people and are building a culture to match.

Overview

The Identity and Access Management (IAM) Architect is responsible for designing, implementing, and optimizing the organization’s identity, access, and account lifecycle strategies across both on-premises and cloud environments. This role ensures secure, efficient, and compliant management of user identities, integrating with platforms such as Azure AD, Workday, and third-party systems. In addition to driving IAM architecture and workflow design, this is also a support-facing role—serving as the technical escalation point for identity-related issues and service tickets. The ideal candidate will bring a strategic vision for how to get there, including a defined roadmap and actionable steps toward long-term IAM maturity.

The IAM Architect collaborates closely with IT, security, HR, clinical departments (e.g., Nursing, Education, Medstaff), and business stakeholders to define IAM policies, streamline onboarding/offboarding workflows, and implement identity governance solutions that align with organizational goals and compliance requirements (e.g., HIPAA, NIST).

Responsibilities

Design, implement, and maintain scalable IAM solutions, including identity lifecycle management, authentication, and authorization systems.

Create and document IAM-related processes and publish technical guides for cross-functional teams.

Lead the development and enforcement of enterprise-wide IAM standards and policies, including RBAC, SSO, and MFA.

Participate in or lead IAM components of system migrations, mergers, or new application implementations.

Architect and manage end-to-end identity workflows, including onboarding, offboarding, and user access changes, ensuring alignment with compliance and operational requirements.

Collaborate with Human Resources, Nursing, Education, and other business units to analyze identity-related needs and opportunities to streamline IAM processes.

Serve as technical lead for integrating IAM systems with internal and third-party applications, including cloud (Azure, SaaS) and on-premise systems.

Provide technical support and operational ownership for ManageEngine ADManager, including role-based access templates and delegated workflows.

Assist team members supporting third-party access tools such as SecureLink and BeyondTrust.

Respond to and resolve JIRA service tickets related to identity access requests, provisioning issues, and workflow escalations in a timely and accurate manner.

Conduct regular access reviews and recertifications to ensure appropriate user access and mitigate risk of unauthorized access.

Monitor IAM infrastructure for performance, availability, and security concerns; proactively identify and remediate anomalies and vulnerabilities.

Maintain knowledge of emerging IAM trends, protocols (e.g., SAML, OAuth2, LDAP, SCIM), and regulatory requirements (e.g., HIPAA, NIST).

Support internal and external audits by ensuring access documentation, logs, and configurations meet governance requirements.

Partner with cybersecurity, infrastructure, and application teams to ensure IAM architecture aligns with organizational security strategy.

Stay current on IAM trends and technologies, recommending improvements and innovations.

Qualifications And Experience

Relevant certifications are strongly preferred, such as Security+, CISSP, CISM, or IAM-specific credentials (CIAM, Microsoft Identity and Access Administrator, SailPoint Certified IdentityNow Engineer, etc.).

Minimum of 7 years of hands-on experience in Identity and Access Management or IT Security Architecture, including implementation and governance of enterprise IAM systems.

Proven experience architecting and supporting IAM platforms such as Microsoft Entra ID (Azure AD), SailPoint, or similar is required.

Demonstrated expertise with RBAC, SSO, MFA, LDAP, SAML, OAuth, SCIM, and other identity standards/protocols is required.

Experience designing and managing IAM workflows for onboarding, offboarding, and user change processes across complex environments is required.

Experience implementing and supporting Workday-to-Active Directory integration, including identity provisioning, attribute mapping, and lifecycle synchronization is preferred.

Working knowledge of ManageEngine ADManager Plus, including delegated role templates and user provisioning workflows is preferred.

Strong scripting and automation skills (e.g., PowerShell) for identity lifecycle tasks and access control auditing are required.

Experience supporting JIRA-based ticketing systems and workflows related to IAM issues, role requests, and access approvals is preferred.

Familiarity with the Epic Electronic Medical Record (EMR) system, especially in contexts involving clinical access workflows and user provisioning, is preferred.

Familiarity with regulatory compliance frameworks and security standards such as HIPAA, NIST 800-53, or ISO 27001 is required.

Excellent analytical, problem-solving, and communication skills, with the ability to collaborate cross-functionally with technical and non-technical teams, are required.

Education/Certifications

High school diploma or GED is required.

Travel Requirements

Up to 5%

Physical Requirements

Sedentary work: Exerting up to 10 pounds of force occasionally in carrying, lifting, pushing, pulling objects. Sitting most of the time, with walking and standing required only occasionally.

Why Join Us

You can help shape the future of healthcare managed services delivery.

You can work alongside dynamic leaders and a passionate, mission-driven team.

You can take ownership of building scalable project management practices from the ground up.

You’re able to enjoy a flexible, high-impact role with major opportunities for growth.

You’ll receive a competitive salary, bonus plan, benefits, and career development pathways.
