We are seeking a skilled Director of Identity & Access Management (IAM) to join our team in Franklin, TN. The first 90 days in this role will be fully in-person to ensure comprehensive onboarding and training. After the initial period, the position will transition to a hybrid model, with 2 days remote and 3 days in the office each week. 

The Director of Identity & Access Management (IAM) will play a critical role in ensuring the security, integrity, and accessibility of Acadia’s digital assets and sensitive information. This position involves leading the design, implementation, and management of the IAM strategy, policies, and controls to protect patient data, enable secure access to systems and applications, and ensure compliance with regulatory requirements. Additionally, the role requires hands-on experience with IAM architecture, including designing and integrating IAM solutions in complex, multi-cloud, and hybrid environments. This role demands strong leadership, technical expertise, and a deep understanding of the unique challenges in the healthcare industry.

ESSENTIAL FUNCTIONS:

• Create an IAM strategy aligned with Acadia’s business objectives, industry best practices, and regulatory requirements, focusing on protecting patient privacy and confidentiality.
• Lead the design and architecture of IAM solutions, ensuring scalable, secure, and resilient identity and access management systems. Integrate IAM solutions across diverse environments, including on-premises, cloud, and hybrid setups.
• Oversee the deployment and integration of IAM technologies, including identity provisioning, access management, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).
• Define, implement, and enforce IAM policies, standards, and procedures to ensure compliance with healthcare regulations such as HIPAA, HITECH, and state privacy laws, as well as industry standards and best practices.
• Establish and maintain identity lifecycle management processes, including user provisioning, deprovisioning, and access recertification, to ensure the accuracy and integrity of user identities and entitlements.
• Implement identity governance capabilities, such as role-based access control (RBAC), entitlement management, and identity analytics, to manage risks, enforce least privilege principles, and improve compliance.
• Establish key performance indicators (KPIs) for IAM activities and proactively report to stakeholders on the performance of IAM operations, metrics, and the organization's risk posture. Provide actionable insights and recommendations to enhance security and compliance.
• Stay informed about developments in Generative AI and other AI technologies, assessing their implications for IAM and IT infrastructure. Evaluate potential risks, benefits, and opportunities to enhance IAM strategies and processes through AI-driven solutions.
• Collaborate with IT, cybersecurity, compliance, and clinical teams to assess IAM requirements, prioritize initiatives, and address business needs while maintaining security and compliance.
• Monitor and analyze IAM-related metrics, trends, and incidents to identify security gaps, mitigate risks, and optimize IAM operations, including incident response and threat detection.
• Provide leadership and guidance to the IAM team, including hiring, training, mentoring, and performance management to build and maintain a high-performing, cohesive team.
• Stay informed about emerging IAM technologies, trends, and threats in the healthcare and behavioral health industry and assess their potential impact on Acadia’s security posture and IAM strategy.
• Continuously review and optimize IAM architecture to address evolving threats and business requirements, ensuring a future-proof IAM environment.

STANDARD EXPECTATIONS:

• Complies with organizational policies, procedures, performance improvement initiatives and maintains organizational and industry policies regarding confidentiality.
• Development of constructive and cooperative working relationships.
• Fostering mutual trust, respect, and cooperation among team members.

EDUCATION/EXPERIENCE/SKILL REQUIREMENTS:

• Education: A bachelor’s degree in computer science, Information Technology, or related field, or equivalent work experience.
• Experience: At least 7 years of proven experience leading IAM programs, with at least 2 years focusing on IAM architecture in a complex, multi-cloud, or hybrid environment. Experience in healthcare or behavioral health organizations is preferred.
• Expertise: Strong knowledge of IAM concepts, principles, technologies, and best practices. Proven experience in healthcare security, including industry regulations such as HIPAA and HITECH. Familiarity with healthcare IT systems, electronic health records, and clinical workflows, with experience integrating IAM solutions across these systems.
• Architecture & Design: Hands-on experience in designing IAM architecture, including cloud identity solutions (e.g., Azure AD, AWS IAM), and knowledge of integration patterns and security frameworks.
• Communication: Excellent communication skills, including the ability to convey complex technical concepts to non-technical stakeholders and collaborate effectively with cross-functional teams.
• Organization: Strong project management skills, with the ability to prioritize tasks, manage multiple projects concurrently, and deliver results on time and within budget.
• Leadership: Proven leadership capabilities, including the ability to build and motivate high-performing teams, foster collaboration, and drive continuous improvement in IAM operations and security posture.
• Compliance: Deep understanding of relevant legal and regulatory requirements, including SOX, HIPAA, and PCI, with the ability to ensure compliance across all IAM processes.
• Self-Motivation: Self-motivated with strong organizational skills and exceptional attention to detail.
• Adherence: Ability to work within established policies, procedures, and practices set by the organization.
• Continuous Learning and Development: Commitment to continuous learning and professional development in IAM. Stay current with emerging threats, new technologies, and best practices through ongoing education and training.
• Language Skills: Proficient in English to provide and receive instructions and directions effectively.

LICENSES/DESIGNATIONS/CERTIFICATIONS:

• Certifications: Desired by not required, any one of these or a combination: CompTIA A+, CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or Certified Identity and Access Manager (CIAM), other IAM-related certifications.

SUPERVISORY REQUIREMENTS:

Supervises a team of employees

AHCORP

#LI-AH