Digital Identity Architect (New York)

Job Title

How you move is why we're here. Now more than ever, our guiding principles are helping us in our search for exceptional talent - candidates who align with our unique workplace culture and who want to maximize the abundant opportunities for growth and success. If this describes you then let's talk! HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report. As a recipient of the Magnet Award for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive and inclusive environment.

Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise.

Emp Status : Regular Full Time

Work Shift : Not specified

Compensation Range : $124,000.00 - $189,250.00. In addition, this position will be eligible for additional benefits consistent with the role. The salary of the finalist selected for this role will be determined based on various factors, including but not limited to : scope of role, level of experience, education, accomplishments, internal equity, budget, and subject to Fair Market Value evaluation. The hiring range listed is a good faith determination of potential compensation at the time of this job advertisement and may be modified in the future.

What You Will Be Doing

Architect and implement IAM solutions that support secure, seamless access across on-premises and cloud environments for diverse user groups.

Lead technical design and integration efforts for identity lifecycle management, role-based access control (RBAC), and privileged access management (PAM).

Translate business requirements into scalable IAM capabilities by effectively communicating complex technical solutions in business-relevant terms.

Design and enforce policies for authentication, authorization, identity governance, and access provisioning across enterprise systems.

Configure, maintain, and optimize IAM platforms including SailPoint, Entra ID, Active Directory, Microsoft Authenticator, and Delinea.

Develop and maintain automation workflows, scripts, and APIs to drive efficiency, standardization, and consistency across IAM processes.

Ensure compliance with regulatory and audit requirements by implementing controls and conducting risk assessments related to identity services.

Collaborate with IT, cybersecurity, HR, and application teams to align IAM with broader security and operational goals.

Act as a subject matter expert for IAM issues and incidents, providing deep technical troubleshooting and root cause analysis.

Stay current with emerging trends, threats, and technologies to evolve the organization's IAM roadmap and strategic direction.

Required Qualifications

Bachelor's degree in computer science, information systems, cybersecurity, or a related field, or equivalent years of experience.

7+ years of IT experience, with at least 5 years focused on identity and access management in an enterprise setting.

Expert knowledge of IAM tools and protocols including SailPoint, Microsoft Entra ID, Active Directory, Microsoft Authenticator, and Delinea.

Strong understanding of identity federation, access control models, authentication protocols (SAML, OAuth2, OpenID Connect), and directory services.

Experience designing IAM solutions for diverse environments with complex user personas and varying access needs.

Solid understanding of compliance requirements relevant to healthcare, such as HIPAA and HITECH.

Demonstrated ability to lead technical projects and collaborate cross-functionally.

Preferred Qualifications

Experience working in healthcare or an academic medical center environment.

Master's degree in cybersecurity, information systems, or a related field.

Industry certifications such as CISSP, GIAC, Microsoft Certified : Identity and Access Administrator Associate, or SailPoint IdentityNow Certification.

Familiarity with identity risk management and zero trust architecture.

Experience with workflow development, scripting (PowerShell, Python), and RESTful API integrations.

Non-Discrimination Policy : Hospital for Special Surgery is committed to providing high quality care and skilled, compassionate, reliable service to our community in a safe and healing environment. Consistent with this commitment, Hospital for Special Surgery provides care, admits, and treats patients and provides all services without regard to age, race, color, creed, ethnicity, religion, national origin, culture, language, physical or mental disability, socioeconomic status, veteran or military status, marital status, sex, sexual orientation, gender identity or expression, or any other basis prohibited by federal, state, or local law or by accreditation standards.