Sr Director, IAM & Data Security Engineering
Role details
Job location
Tech stack
Job description
The Senior Director of Identity Access Management (IAM) & Data Security Engineering is a senior leadership role responsible for the strategy, architecture, engineering, and operations of enterprise-wide identity, access, and data protection programs. The role will report to the Global CISO and part of the Cyber Leadership Team. Operating at the intersection of healthcare and financial technology, this leader will ensure that our platforms meet the stringent security and compliance requirements of HIPAA, PCI-DSS, SOC 2, and other applicable frameworks while enabling a frictionless experience for internal users, partners, and patients. This executive will build and scale a world-class engineering team, partner closely with Product, Infrastructure, Legal, and Compliance leadership, and serve as the subject-matter authority for IAM and data security across the organization.
Requirements
- 12+ years of progressive experience in information security, with at least 5 years in a senior leadership role managing security engineering teams.
- Deep hands-on expertise in IAM technologies: Okta, Azure Active Directory / Entra ID, SailPoint, CyberArk, or equivalent enterprise platforms.
- Demonstrated success delivering enterprise IAM and data security programs in highly regulated industries, specifically healthcare (HIPAA) and/or financial services (PCI-DSS, GLBA).
- Proven ability to architect and implement Zero Trust, PAM, CIAM, and data governance solutions at scale in cloud-native environments (AWS, Azure, or GCP).
- Strong working knowledge of identity protocols: OAuth 2.0, OIDC, SAML 2.0, SCIM, and FIDO2.
- Experience with data security tooling: DLP platforms, encryption key management, tokenization, and data discovery/classification.
- Demonstrated executive presence with the ability to communicate complex security concepts to C-suite, technical and non-technical stakeholders.
- Experience recruiting, developing, and retaining diverse, high-performing engineering teams.
- Relevant certifications such as CISSP, CISM, CCSP, CISA
- Familiarity with DevSecOps practices, security automation, and Infrastructure-as-Code security controls (Terraform, CloudFormation).
- Experience integrating acquired companies and harmonizing disparate identity environments post-M&A.
Advanced degree (MS or MBA) in Computer Science, Information Security, or a related field.