Apply Now

Director, Identity Access Management and Governance

Nashville, TN, USA | ARDENT

  • Industry:
    Healthcare - Hospitals
  • Position Type:
  • Functions:
    General Management
    Legal / Compliance
  • Experience:
    5-7 years
Job Description:
59 people have viewed this job

Ardent Health Services invests in people, technology, facilities and communities, producing high-quality care and extraordinary results. Based in Nashville, Tennessee, Ardent’s subsidiaries own and operate 30 hospitals in six states with more than 26,000 employees including 1,000+ employed providers and $4.4B in annual revenue. Ardent facilities exceed national averages in Overall Hospital Quality Star Rating as ranked by the Centers for Medicare & Medicaid Services; 89 percent of its hospitals received a three-star rating or above in comparison with 73 percent of all hospitals ranked Ardent's corporate office has been named "Top Work Places" for Nashville based companies for 5 consecutive years including 2021.

We have an exciting opportunity to join our Information Security team as Director, Identity Access Management and Governance.

The Director, Identity Access Management and Governance is responsible for providing leadership in the areas of Identity and Access Management with special emphasis on Identity Governance and Administration, as well as Privileged Access Management. This position will lead the management of the Identity Access Management function and will safeguard Ardent Health Services brand by promoting, implementing and supporting controls to manage risks associated with identity. Through collaboration with other IT and company stakeholder leaders, this role will help ensure our Identity Access and Provisioning posture is strong, proactive and aligns with our current and future business objectives.

This role is responsible for assisting in the design and support of the AHS enterprise-wide identity, access management and governance strategy that meets the needs of our current and future acquired operational locations.The person in this position is responsible for providing expert advice and effective oversight of information security and technology risk activities to identify, assess, control, and manage identity and access risks throughout Ardent Health Services. This role is charged with overseeing identity risk aggregation, correlation of risk, and reporting in support of enterprise-wide objectives. This role will lead our Identity Access Management and Governance department and to meet both regulatory and contractual regulatory obligations.


  • Serves as an internal information security consultant to the enterprise while balancing the needs of the day-to-day business.

  • Research and recommend solutions that meet security standards while ensuring functionality for business continuity.

  • Develop security test scenarios for unit, process, function, integration, and acceptance testing.

  • Design integration schema and linkage for multi-platform business and technological solutions.

  • Evaluates the security of new technologies and assist with the plan to integrate them into the company environment.

  • Help develop the policies and procedures in conjunction with the established IT governance channels to manage the use and operation of these systems

  • Develop disaster recovery and contingency plans for Information Security projects and participate in DR planning for other projects.

  • Recommend best practices for security controls without hindering functionality.

  • Define the minimum access and identity configuration standards for all IT systems.

  • Evaluates new and proposed security systems and technologies.

  • Reviews, develops, test, and implements security plans, products, and control techniques.

  • Develops guidelines for the usage, control, maintenance, and auditability of information and computer resources.


Education and Experience

  • BS/BA degree and specialized information security technical training required. An advanced degree is a plus.

  • A reputable security certification (CISSP, CISSP w/specialization HCISPP, GIAC, CISA, etc.) is required

  • A minimum of 6 years of progressive Information Security experience.

  • A minimum of 3+ years of management experience leading information security.

  • Identity Governance experience is required.

  • Experience in security architecture design is a plus.

  • Working knowledge of Epic EHR and Lawson ERP are a plus.

  • Working knowledge of IAM platforms (Imprivata, SailPoint, MIM) are a plus

  • In-depth knowledge of information security industry and regulatory obligations (Sarbanes-Oxley (SOX), HIPAA, GLBA, PCI DSS, HITRUST, NIST Framework, etc.).

  • Working knowledge of Microsoft Active Directory.

  • Ability to analyze all layers of the OSI model from the security stance.

  • Prepare and present plans/designs to IT and business leaders.

  • Advocate the integration of solutions into the enterprise directory structure.

  • In-depth knowledge of networking technologies and architecture.

  • Prioritize tasks effectively to meet project deadlines and deliverables.

  • ITIL familiarization - managing incidents, requests, and changes. Experience is a plus.

  • Excellent problem-solving ability.

  • High degree of self-motivation.

  • Competent using the Microsoft Office suite of products.

  • Additional Knowledge, Skills and Attributes (Underlying skills and abilities that enable the execution of duties and responsibilities)

Knowledge of:

  • Federal and state laws regarding security and privacy of electronic information assets, within the context of the healthcare industry is highly preferred (e.g., HIPAA, Sarbanes-Oxley, etc.);

  • Industry security standards (e.g., NIST), with healthcare industry standards such as CMS, JCAHO, etc. is required;

  • Platform independent information security policy and standards;

  • E-commerce/e-business security related strategies, policies, and standards;

  • Enterprise security awareness program practices that incrementally create organizational security awareness and education;

  • Compliance programs to help ensure conformity with established enterprise security policies, practices, and standards;

  • Risk assessment processes for the protection of electronic information assets; and

  • Large scale Wide Area Network and multiple platform environments with both decentralized and centralized focuses.

Skills including:

  • Superior analytical skills to identify high-risk security breach opportunities with the ability to develop solutions to prevent, correct, detect, or mitigate security risks via people, processes and technology;

  • Ability to relate business requirements and risks to technology implementation for security-related activities;

  • Ability to collaborate with IT&S and business area professionals to identify/recommend applicable security practices/controls rather than dictating security methods;

  • Ability to balance the seriousness of protecting electronic information assets with the need to enable users to effectively and efficiently use systems to perform job responsibilities, while continuing to emphasize quality patient care;

  • Solid project management and collaboration skills, especially in a cross-functional dynamic team environment;

  • Excellent oral and written communication skills with the ability to present and discuss technical information in a manner that establishes rapport, persuades others, and allows the individual to increase understanding of subject matter.

  • Working both independently and with key stakeholders to develop security policy and standards; and

  • Taking initiatives toward personal development such as maintaining skills and obtaining professional certifications (e.g., Information Systems Security Association, Certified Information Systems Security Professional, etc.).

Other Factors

  • Must be willing to travel occasionally.

  • Must be willing to respond to information security issues surrounding identity access and governance 24x7.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.

Other companies hiring with Ivy Exec

 Company Logos