Estimated Pay Range
$57.38 - $95.64 / hour, based on location, education, & experience. In accordance with State Pay Transparency Rules.
Department Name
IT Identity Access Mgmt-Corp
Work Shift
Day
Job Category
Information Technology
Location
Remote (Arizona Time Zone). Eligible for remote work in the following states: AL, AK, AR, AZ, CA, CO, FL, GA, IA, ID, IN, KS, KY, LA, MD, MI, MN, MO, MS, NC, ND, NE, NH, NM, NV, NY, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, WI, WV & WY. Monday to Friday, 8am-5pm AZ.
Banner Health is seeking a Cybersecurity IAM Architect to lead the enterprise Cybersecurity IAM strategy, ecosystem, and architecture. The role involves developing architectural artifacts, models, and patterns in alignment with industry-standard frameworks such as SABSA, TOGAF, etc., and setting standards for identities and access in compliance with legal, regulatory, and Banner Health requirements. Responsibilities include lifecycle management of user accounts, IAM product rationalization and design, cloud identity, Azure Active Directory, AWS IAM, privileged access management, MFA, SSO, Zero Trust, and related capabilities.
Position Summary
This position is responsible for leading the enterprise Cybersecurity IAM strategy, ecosystem, and architecture for Banner Health. It includes development of architectural artifacts, models, patterns, and leading standards for identities and access. The role will design solutions to resolve complex technical and business issues related to Identity Governance and Administration (IGA), and drive IAM projects, strategic initiatives, budget, and goals.
Core Functions
- Analyzes the business and IT environment, including Azure, Google Cloud platforms, and on-premises, to detect critical deficiencies from an IAM risk perspective, recommend solutions, and implement them. Performs IAM architecture validation against IT and Cybersecurity Policies and Standards and applicable regulations (HIPAA, PCI, GDPR, etc.). Participates in threat modelling exercises and architecture design assessments for identity-related systems.
- Creates and enforces IT Technical standards, IAM policies, standards, guidelines, best practices, and requirements. Develops, maintains, improves, and enforces architectural templates, processes, and documentation.
- In collaboration with stakeholders, develops and maintains IGA current and future states, technical requirements, aligning them with business objectives.
- Designs IAM solution implementations in a rationalized, requirements-aligned, and systematic manner. Solution designs support Banner’s Zero Trust strategy and architecture.
- Incorporates IAM governance concepts in all architectural designs to include segregation of duties, provisioning and de‑provisioning consistency and governance, user lifecycle workflows, authentication and authorization, master data authorities, federation, security controls, logging and monitoring, privileged access management, automation, zero‑trust concepts, and other considerations to keep IAM functions and solutions accounted for and secured.
- Acts as trusted advisor by creating solution building blocks and reference architectures, providing guidance to cybersecurity engineers. Serves as mentor and maintains in‑depth knowledge of business strategies, initiatives, goals, industry trends, regulatory requirements, and cybersecurity threats.
- Advises managers and engineering teams on investments in technologies or processes resulting from solution design, architecture development, cybersecurity risk assessments, identity architectural designs, and IGA risks.
- Evaluates emerging/innovative IAM technologies for potential risks and opportunities, validates architectures for technical soundness. Develops relationships with business stakeholders and information technology management; excellent communicator.
Minimum Qualifications
- Bachelor’s degree in business, information security, computer science, or related field.
- 10+ years of experience in a healthcare environment or equivalent combination of education, technical, business, and healthcare experience, including one year in cybersecurity architecture at enterprise scale, preferably in healthcare.
- Expertise in IAM concepts: identification, authentication, authorization, access control, identity federation, digital identity lifecycle management.
- Deep knowledge of information technology and cybersecurity principles and practices.
- Experience with the acquisition process: vendor selection, requirement definition, contractual documentation development.
- Independent judgment, critical decision making, analytical skills, excellent verbal and written communication. Ability to balance project workloads with customer support and mentor less experienced team members.
- Variable shifts and hours, ability to respond to after‑hours notifications.
Preferred Qualifications
- Bachelor’s Degree in Computer Science, Information Security, Information Systems, Engineering, or related field.
- 10+ years of experience in a healthcare environment or equivalent combination of education, technical, business, and healthcare experience.
- 10+ years of IT and cybersecurity experience focused on IAM architecture.
- Experience with architecture principles and design, systems thinking, business requirements engineering, enterprise architecture, solutions architecture, cybersecurity architecture, IT operations, automation of security processes, coding and scripting languages, use case development.
- Experience assessing IAM products, defining requirements, designing and mapping architecture diagrams, setting the roadmap for IAM solutions, and implementing and managing the lifecycle of consumer identity solutions in a regulated environment (e.g., HIPAA).
- Proficiency with Azure Active Directory, Azure AD B2C, Okta, SailPoint, CyberArk, and similar IAM tools.
- Experience with IAM-related protocols: SAML, SCIM, SPML, XACML, Blockchain, TACACS, OpenID, OAuth, LDAP, etc.
Preferred Certifications
- Certified Identity and Access Manager (CIAM)
- Microsoft Certified Azure Security Engineer Associate
- Certified Cloud Security Professional (CCSP)
- Google Professional Cloud Architect (GPCA)
- SABSA Chartered Security Architect – Foundation (SCF)
- Professional or Master, Certified Information Systems Security Professional (CISSP)
- Information Systems Security Architecture Professional (ISSAP)
- HealthCare Information Security & Privacy Practitioner (HCISPP)
Anticipated Closing Window
2026-06-13
EEO Statement
EEO/Disabled/Veterans. Our organization supports a drug‑free work environment.
Privacy Policy