Director Information Security Identity Access Mgmt and Governance

Overview

Ardent Health is a leading provider of healthcare in communities across the country. With a focus on consumer-friendly processes and investments in innovative services and technologies, Ardent is passionate about making healthcare better and easier to access. We are driven by our purpose of caring for people: our patients, our communities and one another.

Located in Brentwood, Tennessee, Ardent has earned a reputation as one of the industry's strongest and most innovative healthcare systems. Our facilities and clinics are consistently recognized among healthcare's best employers. We recognize each hospital and clinic is as unique as the community it serves. We strive to maintain strong community ties through advisory boards, contributions, charitable care, education and outreach.

Ardent includes:

• 30 hospitals
• 280 sites of care
• 4,281 beds
• 24,000+ team members
• 8,200+ nurses
• 1,800+ aligned providers
• 5.8M annual provider encounters
• 421 medical residents

Ardent makes considerable investments in people, technology, facilities, and communities, producing high quality care and extraordinary results. From newly constructed facilities and expanded services, to lifesaving technology and outstanding opportunities for employees, Ardent is committed to providing its hospitals and clinics the tools needed to succeed.

We believe it is this mix of corporate support and local autonomy that equips our teams for success.

The Director, Information Security provides strategic and operational leadership for enterprise-wide Identity and Access Management (IAM), with a strong focus on Identity Governance and Administration and Privileged Access Management. This role leads the IAM function to protect Ardent Health Services by mitigating identity-related risks, ensuring regulatory and contractual compliance, and aligning identity strategies with current and future business objectives, including acquisitions.

Through collaboration with IT and business stakeholders, the Director oversees the design, implementation, governance, and reporting of identity and access controls, ensuring a proactive, risk-based posture across the organization.

• Provides strategic IAM leadership, presenting architecture, plans, and designs to IT and business leaders
• Drives continuous improvement of IAM, IGA, and PAM capabilities aligned to business growth and evolving threats
• Leads integration of IAM solutions into enterprise directory services and multiplatform environments
• Serves as an internal information security leader, balancing risk management with operational needs
• Ensures identity data integrity, authoritative source alignment, and automated Joiner/Mover/Leaver lifecycle management
• Strengthens identity governance through access reviews, certifications, policy enforcement, and minimum access standards
• Expands and oversees Privileged Access Management capabilities, including vaulting, session monitoring, and just-in-time access
• Defines, measures, and reports IAM KPIs, risk metrics, and operational effectiveness
• Evaluates, selects, and implements security technologies and controls that meet standards without hindering business continuity
• Develops and maintains IAM security architecture, integration schemas, testing scenarios, policies, procedures, and auditability standards
• Manages IAM budgets, vendors, resources, disaster recovery planning, and builds, mentors, and scales IAM teams across engineering, operations, and governance

Job Requirements:

• Bachelor's degree
• 6+ years of progressive Information Security experience.
• 3+ years of management experience leading information security.
• Identity Access Management and Governance experience
• Security certification (CISSP, CISSP w/specialization HCISPP, GIAC, CISA, etc.)
• Working knowledge of Industry security standards (e.g., NIST), with healthcare industry standards such as CMS, JCAHO, etc.
• Ability and willingness to travel on an as-needed basis
• Availability to participate in a 24x7 on-call or escalation rotation to address identity, access, and governance-related security incidents

Preferred

Job Requirements:

• Experience designing and implementing security and IAM architectures in complex enterprise environments
• Working knowledge of healthcare and enterprise platforms such as Epic EHR, Workday ERP, Lawson ERP, and Microsoft Active Directory
• Hands-on experience with IAM technologies and tools (e.g., Imprivata, SailPoint, Microsoft Identity Manager or similar)
• Strong understanding of information security regulations, frameworks, and assurance programs (e.g., HIPAA, SOX, PCI DSS, GLBA, HITRUST, NIST)
• Familiarity with federal and state security and privacy laws, particularly within the healthcare industry
• Knowledge of IT service management practices (ITIL), including incident, request, and change management
• Experience with risk assessment, compliance programs, and enterprise security policies, standards, and awareness initiatives
• Exposure to securing large, multiplatform, distributed environments,…