Senior Director, Zero Trust and Identity Security

Primary City/State:

Phoenix, Arizona

Department Name:

IT Info Tech Admin-Corp

Work Shift:

Day

Job Category:

Information Technology

Banner Health believes leadership matters. We look for leaders who share our vision making health care easier, so life can be better. Our executives are at the forefront of the health care transformation, planning the future of Banner Health.

Your pay and benefits are important components of your journey at Banner Health. This opportunity includes the option to participate in a variety of health, financial, and security benefits. In addition, this position may be eligible for our Management Incentive Program as part of your Total Rewards package.

Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.

POSITION SUMMARY

This position leads the strategic development, implementation, and ongoing management of the organization's zero trust security framework. This role drives transformational security initiatives across network infrastructure, identity and access management, data protection, and configuration management domains. This position includes influencing the vision and strategy of Banner's cybersecurity, staying current on the latest technology trends, understanding market changes and business needs, and working with senior leadership to develop and drive the direction.

Partners and collaborates with other security and IT leaders to develop and drive strategies, work on special projects, and solve complex security challenges facing the organization.

CORE FUNCTIONS

1. Develops and executes comprehensive zero trust strategy aligned with organizational business objectives and risk tolerance. Establishes roadmap for zero trust maturity progression across all security domains. Provides executive leadership on security architecture decisions and investments. Collaborates with C-suite and business unit leaders to integrate zero trust principles into digital transformation initiatives. Defines success metrics and KPIs for zero trust implementation and effectiveness.

Supports and promotes security governance and ensures security architectures are aligned to business priority, comply with reference architecture standards, policy and regulatory requirements. Ensures Key Performance Indicators are established and tracked in all levels of work effort.

2. Designs and implements micro-segmentation strategies to minimize lateral movement and contain potential breaches. Leads deployment and optimization of Zscaler cloud security platform for secure internet and SaaS access. Architects zero trust network access (ZTNA) solutions replacing traditional VPN infrastructure. Oversees network security policies, enforcement mechanisms, and continuous monitoring. Ensures secure connectivity for remote workforce, partners, and third-party access.

3. Establishes identity-centric security controls as the foundation of zero trust architecture. Implements adaptive authentication, multi-factor authentication (MFA), and risk-based access policies. Leads privileged access management (PAM) and just-in-time (JIT) access initiatives. Drives identity governance programs including access certification and lifecycle management. Integrates IAM with SIEM/SOAR platforms for threat detection and automated response.

4. Develops data classification framework and implements appropriate protection controls. Deploys data loss prevention (DLP), encryption, and rights management solutions. Establishes data access policies based on least privilege and need-to-know principles. Implements cloud access security broker (CASB) technologies for SaaS data protection. Ensures compliance with data privacy regulations (GDPR, CCPA, HIPAA, etc.).

5. Establishes security configuration baselines and hardening standards across all technology platforms. Implements infrastructure as code (IaC) with embedded security controls. Leads vulnerability management and patch management programs. Deploys configuration monitoring and drift detection capabilities. Ensures secure Dev Sec Ops  practices and CI/CD pipeline security.

6. Builds, mentors, and leads high-performing security engineering and architecture teams in a fully remote environment. Fosters culture of continuous learning and security innovation. Develops talent pipeline and succession planning for critical security roles. Collaborates with HR on security awareness training and culture initiatives. Creates inclusive remote work culture with strong team cohesion across distributed workforce.

7. Ensures zero trust implementation meets regulatory and compliance requirements. Establishes security policies, standards, and…