Identity & Access Management Lead

Company: Washington Health Benefit Exchange

Location: Olympia, WA 98501

Description:

The mission of Washington Health Benefit Exchange (Exchange) is to radically improve how Washington residents secure health insurance through innovative and practical solutions, an easy-to-use customer experience, our values of integrity, respect, equity and transparency, and by providing undeniable value to the health care community.

The Exchange is a public-private partnership that operates Washington Healthplanfinder, the eligibility and enrollment portal used by one in four Washington residents to obtain health and dental coverage. Through this platform, and with support from a Customer Support Center and statewide network of in-person navigators and brokers, individuals and families can shop, compare and enroll in private, qualified health plans (as defined in the Affordable Care Act) or enroll in Washington Apple Health, the state Medicaid program.

The Exchange embraces the following equity statement adopted by our Board of Directors:

Equity is fundamental to the mission of the Washington Health Benefit Exchange. The process of advancing toward equity and becoming anti-racist is disruptive and demands vigilance to dismantle deeply entrenched systems of privilege and oppression. While systemic racism is a root cause of many societal inequities, we must also use an intersectional approach to address all forms of bias and oppression, which interact with and often exacerbate racial inequities. To be successful, we must recognize the socioeconomic drivers of health and focus on people and places where needs are greatest. As we listen to community, we must hold ourselves accountable to responding to recommendations to remedy inequitable policies, systems, or practices within the Exchange's area of influence. Our goal is that all Washingtonians have full and equal access to opportunities, power and resources to achieve their full potential.

SUMMARY

The Identity and Access Management (IAM) Lead is responsible for overseeing the development, configuration, and management of the WAHBE's IAM solution, leveraging ForgeRock technology. This role encompasses designing, managing, and monitoring IAM systems to ensure the implementation of robust security controls. The IAM Lead collaborates with the risk management team on IT audits and remediation efforts, partners with the delivery team to support modernization initiatives, and assists the incident response team in investigating IT security incidents and breaches. Additionally, the role involves evaluating new IAM requirements, assessing and migrating IAM products, and providing management with impact analyses and status updates.

DUTIES AND RESPONSIBILITIES
Develop and lead the WAHBE's Identity and Access Management (IAM) strategy, ensuring alignment with delivery team goals and WAHBE policies.
Design and architect IAM solutions that seamlessly integrate with existing and future infrastructure.
Lead the evaluation, deployment, migration, and management of IAM technologies.
Provide hands-on expertise in configuring and deploying IAM solutions.
Ensure the availability, scalability, and reliability of IAM systems.
Manage the end-to-end integration of IAM systems with cloud-based applications and services.
Oversee the entire user identity lifecycle, including provisioning, deprovisioning, and account management.
Implement and manage Single Sign-On (SSO), federation (SAML, OAuth, OIDC), Multi-Factor Authentication (MFA), and risk-based authentication.
Ensure IAM compliance with regulatory standards such as NIST, CMS MARS-E, IRS Publication 1075, and OWASP.
Monitor and audit IAM systems to identify and address potential security incidents.
Lead cross-functional teams to deliver successful IAM initiatives.
Collaborate with IT, Security, Risk Management, and Delivery teams to define and refine IAM requirements.
Manage vendor relationships, including monitoring performance, product updates, and organizational impacts.
Serve as a subject matter expert during security incidents and investigations related to IAM.
Perform root cause analysis and implement solutions to address IAM-related issues effectively.
Mentor and manage a team of IAM administrators and engineers, promoting best practices and professional growth.
Track and resolve IAM bugs and release issues, reporting progress to management.
Conduct access re-certifications for privileged user accounts within the IAM framework.
Manage and resolve day-to-day IAM issues, ensuring escalation and process adherence.
Configure both standard and custom reporting using industry-standard tools.
Stay informed about emerging trends and capabilities in IAM technologies.
Advise management on IAM risk-related issues and recommend actions to support risk management and compliance goals.
Lead risk assessments for proposed IAM solutions, escalating issues when necessary and ensuring resolution.
Assist WAHBE in reviewing and updating policies, procedures, and standards related to IAM solutions.
Collaborate with the Risk Management Office to remediate vulnerabilities and address audit findings.
Collaborate closely with architects and engineers to share insights, best practices, and technical requirements.
Perform additional responsibilities as needed within the scope of IAM solutions.

QUALIFICATIONS

Required:
7+ years of experience in Identity and Access Management (IAM) using tools like Oracle, ForgeRock, Okta, PingOne, or similar technologies, including at least 3 years in a lead or architect role.
In-depth knowledge of IAM technologies such as ForgeRock, SailPoint, Okta, Ping Identity, or Oracle Identity Suite.
Proficiency in SAML, OAuth, OIDC, MFA, and risk-based authentication mechanisms.
Strong understanding of Directory Services, RESTful APIs, and microservices architectures.
Ability to assess the impact of new requirements on IAM and all upstream and downstream applications, systems, and processes.
Advanced troubleshooting capabilities, including log analysis and root cause identification.
Hands-on experience with implementing IAM solutions in cloud environments, such as AWS, Azure, and Google Cloud Platform (GCP).
Knowledge of hybrid cloud IAM deployments and integrations.
Exceptional leadership and decision-making abilities with a proactive approach to problem-solving.
Excellent verbal and written communication skills, with the ability to effectively convey technical concepts to diverse audiences.
Strong project management skills, with the ability to prioritize and manage multiple projects simultaneously.
Experience developing and documenting business processes and workflows within IAM implementations.
Experience assisting in security/privacy incident investigations and collaborating with incident response teams.
Experience in vendor management and oversight, with the ability to escalate concerns to management when necessary.
Motivated self-starter with the ability to take initiative and ownership of responsibilities.
Ability to maintain a high level of confidentiality and demonstrate sound judgment.
Creative, proactive analytical person who can independently make decisions and manage work priorities.
Highly organized, flexible, and resourceful, with strong attention to detail.

Desired:
Minimum of 3 years of hands-on experience with ForgeRock Identity and Access Management (IAM) solutions.
Strong knowledge and practical experience in understanding and implementing IT security controls.
Experience working with Security Information and Event Management (SIEM) systems.
Background in government and/or healthcare industries.
Comprehensive understanding of standards and guidelines, including IRS 1075, MARS-E, NIST, FISMA, and HITECH.
Proven experience in contracts management.
Bachelor's or master's degree in Cybersecurity or a related field.
Relevant certifications such as CISSP, CISM, or vendor-specific IAM credentials (e.g., ForgeRock Certified Identity Management Specialist, Okta Certified Professional).
Demonstrated ability to quickly learn and apply new concepts effectively.

APPLICATION INSTRUCTIONS

This position will be open until we find a suitable number of candidates to review. If interested, please submit an application as soon as possible. The Exchange reserves the right to close the recruitment at any time.

SALARY INFORMATION

Full Salary Range: $106,523.00 to $159,785.00 annually, with midpoint at $133,154.00.

Hiring Range: $122,502.00 to $133,154.00 annually. This is an estimate of where a qualified candidate can expect to receive an offer.

The actual salary offer will consider candidate experience, skills, qualifications, internal equity, and the market. Our compensation policy reserves the salary range above the midpoint for employees who are meeting and exceeding expectations and for growth and development, up to the maximum.

BENEFITS

Take a peek at our benefits package.

WORKING CONDITIONS

Core business hours are 8:00 a.m. to 5:00 p.m., Monday through Friday. There are times when irregular hours will be required. The preferred duty station is our Olympia, Washington headquarters. The nature of this role relies heavily on remote and in-person collaboration. While a hybrid remote and on-site schedule may be considered, the position will require flexibility to allow for in-office availability as business needs dictate. Travel requirements will be limited; however, there may be occasions where an employee is required to travel and work irregular hours to attend meetings or trainings. Duties of this position require the use of standard office furniture and equipment, including setup for remote work. The employee is responsible for providing and maintaining a safe, ergonomic, and secure workspace at their remote location.

The working conditions and physical demands are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

SPECIAL REQUIREMENTS

A criminal background screen will be conducted for candidates under final consideration, and if hired, every five years of employment where highly sensitive data is processed or maintained by the position. The result of this background screen must meet the Exchange's eligibility standards.

OTHER INFORMATION

The above statements are intended to describe the general nature and levels of work being performed. They are not intended to be construed as an exhaustive list of responsibilities, duties and skills of personnel so classified.

This is not an employment agreement or contract. Management has the exclusive right to alter this job description at any time without notice.

The Washington Health Benefit Exchange is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, marital status, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

We participate in E-Verify. You can view the Department of Justice's Right to Work poster here.