Sr. IAM Analyst Risk and Compliance

Somerville, NJ - USA

Monthly Salary: $ 92102 - 134056

Posted on: 10 hours ago

Vacancies: 1 Vacancy

Job Summary

Site: Mass General Brigham Incorporated

Mass General Brigham relies on a wide range of professionals including doctors nurses business people tech experts researchers and systems analysts to advance our mission. As a not-for-profit we support patient care research teaching and community service striving to provide exceptional care. We believe that high-performing teams drive groundbreaking medical discoveries and invite all applicants to join us and experience what it means to be part of Mass General Brigham.

Job Summary

The Senior IAM Analyst Risk & Compliance is responsible for ensuring that Identity and Access Management controls are designed implemented and operated in alignment with regulatory security and risk management requirements. This role serves as the primary liaison between IAM engineering/operations teams Information Security operations internal and external auditors and application owners

The role focuses on governance control effectiveness policy enforcement metrics and audit readiness across the IAM ecosystem including Identity Governance & Administration (IGA) Access Management Privileged Access Management (PAM) and directory services.

This position requires strong analytical skills deep understanding of IAM control frameworks and the ability to translate regulatory and audit requirements into actionable IAM controls and operational processes.

Qualifications

Essential Functions:

IAM Risk & Control Management

Own and maintain IAM-related controls mapped to frameworks such as NIST 800-53 NIST CSF HIPAA Security Rule and Mass General Brigham security policies
Partner with IAM Engineering and Operations teams to ensure controls are properly designed implemented and operating effectively
Identify IAM control gaps assess risk and drive remediation plans with clear owners and timelines
Evaluate IAM processes for alignment with least privilege separation of duties and zero trust principles

Metrics Reporting & Continuous Improvement

Define and report IAM risk and compliance KPIs such as:
- Certification completion and exception rates
- Orphaned and dormant account trends
- Privileged access violations
- Access request SLA adherence
Use data to identify trends emerging risks and opportunities for automation or control enhancement
Contribute to continuous improvement of IAM governance processes and tooling

Audit & Compliance Support

Act as the primary IAM point of contact for:
- Internal audits
- External audits
- Regulatory inquiries
Prepare audit evidence narratives and walkthroughs for IAM controls including:
- User lifecycle management
- Access requests and approvals
- Access certifications
- Privileged access management
- Authentication and authorization controls
Track audit findings manage remediation efforts and validate closure

Access Governance & Certification Oversight

Provide risk and compliance oversight for access certification campaigns (manager application owner privileged access)
Define and enforce certification standards review quality thresholds and escalation criteria
Analyze certification results to identify systemic risk role sprawl or control weaknesses

Policy Standards & Procedures

Develop and maintain IAM-related:
- Policies
- Standards
- Procedures
- Control documentation
Ensure policies are actionable enforceable and aligned with technical implementations
Support annual policy reviews and exception management processes

Cross-Functional Collaboration

Collaborate closely with:
- IAM Engineering and Operations
- Information Security Operations and Program Governance
- Privacy and Legal teams
- Internal Audit
- Application and Infrastructure owners
Serve as a trusted advisor on IAM risk topics to technical and non-technical stakeholders

Education:

Bachelors or Associates Degree preferred

Licenses and Certification:

Relevant certifications such as CISSP CISA CRISC or IAM platform certifications (e.g. Saviynt Okta CyberArk) Preferred

Work Experience:

5 years of progressively responsible experience in Identity and Access Management Information Security or IT Risk & Compliance preferably in a large regulated healthcare or academic medical environment
Demonstrated experience supporting audits regulatory inquiries and control remediation efforts related to IAM

Knowledge Skills and Abilities:

Advanced expertise in IAM governance risk and compliance including identity lifecycle controls access governance privileged access management and authentication and authorization models.
Strong working knowledge of healthcare regulatory and security frameworks including HIPAA and NIST-based control models and the ability to map requirements to technical IAM controls.
Hands-on experience assessing and governing IAM controls within enterprise IAM platforms (e.g. IGA access management PAM directory services).
Ability to apply risk-based and analytical thinking to identify control gaps prioritize remediation and drive measurable improvements.
Strong written and verbal communication skills with the ability to clearly articulate IAM risk and compliance concepts to technical teams auditors and non-technical stakeholders.
Proven ability to lead complex initiatives manage competing priorities and deliver outcomes in a matrixed enterprise environment.
Strong judgment and decision-making skills with demonstrated ability to evaluate trade-offs and recommend solutions that align with MGBs risk tolerance and

Additional Job Details (if applicable)

M-F Eastern Business Hours required
Hybrid onsite Flexible working model required weekly includes onsite in office (number of days weekly can vary must be flexible for business needs)
1-2 onsite days per week
Remote working days require stable secure quiet compliant working station

Remote Type

Hybrid

Work Location

399 Revolution Drive

Scheduled Weekly Hours

Employee Type

Regular

Work Shift

Day (United States of America)

Pay Range

$92102.40 - $134056.00/Annual

Grade

At Mass General Brigham we believe in recognizing and rewarding the unique value each team member brings to our organization. Our approach to determining base pay is comprehensive and any offer extended will take into account your skills relevant experience if applicable education certifications and other essential factors. The base pay information provided offers an estimate based on the minimum job qualifications; however it does not encompass all elements contributing to your total compensation addition to competitive base pay we offer comprehensive benefits career advancement opportunities differentials premiums and bonuses as applicable and recognition programs designed to celebrate your contributions and support your professional growth. We invite you to apply and our Talent Acquisition team will provide an overview of your potential compensation and benefits package.

EEO Statement:

0100 Mass General Brigham Incorporated is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religious creed national origin sex age gender identity disability sexual orientation military service genetic information and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process to perform essential job functions and to receive other benefits and privileges of employment. To ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973 the Vietnam Veterans Readjustment Act of 1974 and Title I of the Americans with Disabilities Act of 1990 applicants who require accommodation in the job application process may contact Human Resources at .

Mass General Brigham Competency Framework

At Mass General Brigham our competency framework defines what effective leadership looks like by specifying which behaviors are most critical for successful performance at each job level. The framework is comprised of ten competencies (half People-Focused half Performance-Focused) and are defined by observable and measurable skills and behaviors that contribute to workplace effectiveness and career success. These competencies are used to evaluate performance make hiring decisions identify development needs mobilize employees across our system and establish a strong talent pipeline.

Required Experience:

Senior IC

Site: Mass General Brigham IncorporatedMass General Brigham relies on a wide range of professionals including doctors nurses business people tech experts researchers and systems analysts to advance our mission. As a not-for-profit we support patient care research teaching and community service striv...