Duke University Health System

IT Consultant - Identity & Access Management

Duke University Health System, Durham, North Carolina, United States, 27703

At Duke Health, we're driven by a commitment to compassionate care that changes the lives of patients, their loved ones, and the greater community. No matter where your talents lie, join us and discover how we can advance health together.

About Duke Health Technology Solutions

Pursue your passion for caring and innovation with Duke Health Technology Solutions, which is dedicated to the transformation, development, and management of enterprise information technology solutions across Duke Health. By harnessing the power of innovative technologies like cloud computing and artificial intelligence — and pairing them with a forward‑thinking approach — Duke Health Technology Solutions is revolutionizing the future of health care at Duke Health and beyond.

IT Consultant Strategic Activities

IAM Strategy & Roadmap: Support a long‑term IAM strategy, aligning identity/access management initiatives with business goals and security best practices. Define the IAM architecture (covering identity lifecycle, authentication/authorization models, and governance policies) and collaborate to create a roadmap for implementing new IAM technologies and processes.

Governance & Compliance: Participate in establishing and enforcing IAM policies and standards (e.g., access control policies, password/MFA requirements, role‑based access models) to ensure compliance with relevant regulations and internal security requirements. Advise senior leadership on IAM risk and governance matters, integrating IAM considerations into broader IT and security strategies (e.g., Zero Trust, least privilege).

Cross‑Functional Collaboration: Work closely with IT, security, and business units to incorporate IAM into projects and operations. Coordinate identity integration during organizational changes (such as mergers or restructuring of departments), including merging directory or domain infrastructures when necessary. Serve as an IAM subject matter expert in committees and planning groups, ensuring alignment across the organization.

Tactical Activities

Implementation of IAM Solutions: Collaborate with stakeholders on the configuration of IAM technologies. This includes setting up and managing Single Sign‑On (SSO) and Multi‑Factor Authentication (MFA) solutions, configuring identity federation with external/internal systems, and implementing privileged access management tools. Customize IAM platforms or scripts to automate provisioning, deprovisioning, and access reviews.

User Lifecycle & Access Management: Represent Duke Health in end‑to‑end user identity lifecycle processes. Ensure timely provisioning of accounts and access for new hires, role changes, and terminations in all relevant systems. Maintain role‑based access control (RBAC) frameworks and group management, verifying that users have appropriate access privileges. Regularly perform access recertification and audits, and remediate any discrepancies in permissions.

Security Monitoring & Issue Resolution: Define the strategy for monitoring IAM systems (logs, alerts, etc.) for unusual access patterns or security events, and respond to identity‑related security incidents (such as account compromises or unauthorized access). Troubleshoot and resolve IAM‑related technical issues, including login/authentication failures, authorization errors, and directory synchronization problems. Provide support and guidance to IT support teams for complex access requests or issues, and create documentation/KB articles for common procedures.

Continuous Improvement & Integration: Stay up‑to‑date with evolving IAM best practices and emerging technologies. Recommend and implement improvements to enhance security, user experience, and efficiency (for example, introducing passwordless authentication options or improving self‑service access request workflows). Work on integrating new applications and services into the existing IAM framework, ensuring any new technology (cloud service, enterprise app, etc.) uses centralized identity and access management for consistency and security.

Education/Training

Bachelor's Degree in Computer Science, Information Systems, Cybersecurity, or a related field or equivalent work experience.

Required Experience

Identity & Access Management: 5+ years of experience in IT with significant focus on Identity and Access Management. Hands‑on responsibility for implementing or managing IAM solutions (directories, SSO/MFA, identity governance, or privileged access management) in a complex enterprise environment.

Azure AD/Entra & Active Directory Expertise: Strong experience with Microsoft Active Directory (on‑premises) and Azure Active Directory/Microsoft Entra ID in a hybrid environment is required. Experience with AD synchronization, Azure AD Connect or Entra Cloud Sync, and resolving hybrid identity issues is expected.

Technology Implementation Track Record: Demonstrated ability to design and implement IAM technologies and processes. Examples include deploying an enterprise SSO solution, rolling out MFA to a large user base, implementing an identity governance platform, or establishing a privileged account management process.

Project Leadership: Experience leading or significantly contributing to the execution of IT security or IAM projects, coordinating across teams, managing timelines and deliverables, and working with vendors or external consultants.

Security & Compliance Experience: Background in environments with rigorous security or compliance requirements (SOX, HIPAA, GDPR, etc.). Experience passing security audits or assessments related to access management and implementing controls to meet regulatory or policy requirements.

Preferred Experience

Sector Experience (Healthcare/Education): Prior experience in an academic medical center, university, or healthcare environment is strongly preferred.

Mergers & Identity Consolidation: Experience with merging or consolidating identity systems during mergers, acquisitions, or IT integrations.

Cloud IAM & Digital Transformation: Involvement in large‑scale cloud adoption projects, specifically handling the IAM portion.

Required Skills

IAM Domain Knowledge: Deep understanding of identity and access management concepts, protocols, and best practices. Expertise in authentication technologies, authorization models, and identity lifecycle processes.

Microsoft Identity & Cloud Skills: Expert skills in administering Active Directory and Azure Active Directory (Entra). Knowledge of Conditional Access, MFA, Identity Protection, Privileged Identity Management, and PowerShell automation.

Security Mindset: Strong security and risk management mindset as it relates to IAM. Familiarity with Zero Trust security and robust IAM controls.

Analytical Problem‑Solving: Excellent problem‑solving skills to diagnose and resolve complex identity/access issues.

Communication & Documentation: Clear communication skills, both written and verbal. Ability to write documentation, runbooks, and training materials.

Collaboration & Teamwork: Collaborative approach to work with various teams across both Duke Health and Duke University.

Preferred Skills

Certifications: Certifications such as CISSP, CISM, Microsoft Certified: Azure Solutions Architect, or Identity and Access Administrator are a plus.

Additional IAM Tools & Technologies: Experience with SailPoint, Okta, CyberArk, or multi‑cloud IAM (AWS IAM) is beneficial.

Industry‑Specific IAM Knowledge: Understanding of healthcare or higher education identity management needs and regulations.

Change Management & User Education: Experience driving user adoption of new IAM solutions through communication plans and training.

Leadership & Mentoring: Ability to lead and mentor others in IAM best practices.

Duke is an Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex (including pregnancy and pregnancy related conditions), sexual orientation or military status.

Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas — an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.
