Senior Director IT- IAM & Provisioning Operations

City/State:
Yonkers, New York | Pay: $160k-$200k | Department: IT - Technology & Cloud Services | Shift: Day (Mon-Fri 8:30-5)

Montefiore is a leading academic medical center dedicated to innovative patient care, with a diverse workforce and a commitment to serving underserved communities.

The Senior Director of IAM & Provisioning Operations leads the enterprise identity and access management strategy across a complex IT organization. Responsibilities include governance, platform oversight, provisioning, privileged access, and certificate lifecycle management.

• Build and lead the IAM & Provisioning Operations organization, overseeing teams for identity governance, access provisioning, privileged access management, certificate lifecycle, and access operations.
• Own and evolve the enterprise IAM strategy, roadmap, operating model, and governance framework in partnership with cybersecurity, architecture, infrastructure, HR, and business leadership.
• Manage SailPoint (or equivalent) Identity Governance and Administration platforms, including identity aggregation, access request workflows, automations, role management, access certifications, policy enforcement, segregation of duties, and lifecycle event processing.
• Direct enterprise provisioning and deprovisioning operations for all workforce populations across on‑premises, cloud, SaaS, and legacy application environments.
• Govern joiner, mover, leaver, transfer, rehire, and termination processes to ensure timely, accurate, auditable, and automated access changes aligned to HR source of truth.
• Lead the MFA program, overseeing platform governance, registration and adoption monitoring, end‑user experience, exception management, and migration to secure methods such as FIDO2 and certificate‑based authentication.
• Lead the PAM program, including vaulting, credential rotation, privileged session management, just‑in‑time access, break‑glass procedures, service account governance, and privileged access reviews.
• Oversee certificate management and PKI operations, including inventory, discovery, issuance, renewal automation, expiration monitoring, key management, and operational controls.
• Establish standards for role‑based and attribute‑based access control, least privilege, access recertification, privileged access, service accounts, shared accounts, application onboarding, and access exception handling.
• Partner with application, infrastructure, cloud, and security teams to onboard critical applications and platforms into IAM, PAM, SSO, MFA, and access review processes.
• Ensure IAM operations meet regulatory, audit, and compliance requirements, providing evidence production, control testing, remediation tracking, policy alignment, and risk reporting.
• Develop and monitor service levels, key risk indicators, performance dashboards, provisioning and removal timeliness, certification completion, incident trends, and continuous improvement initiatives.
• Own major incident response, root‑cause analysis, problem management, and service disruption resolution for IAM-related incidents.
• Drive automation and process improvement to reduce manual provisioning, accelerate onboarding, reduce orphaned access, and improve the user experience.
• Manage vendor relationships, platform support models, licensing optimization, and roadmap alignment for IAM and related technologies.
• Champion innovation, automation, and Zero Trust‑aligned access management practices across the enterprise, aligning operations with security architecture, risk tolerance, and regulatory obligations.
• Provide regular leadership reporting on outages, access risks, audit issues, certification status, provisioning performance, certificate expiration risk, PAM adoption, and project status.
• Support merger, acquisition, divestiture, application migration, cloud adoption, and major transformation efforts from an identity and access operations perspective.
• Ensure the IAM organization is prepared for audits, security assessments, disaster recovery, regulatory reviews, and resilience exercises.

• A minimum of 10 years of experience in Identity and Access Management, cybersecurity, or IT operations, with at…