Identity Access Management Analyst

Creating Life Better Here starts with you. At San Juan Regional Medical Center, we're more than a healthcare provider-we're a values-driven organization dedicated to delivering exceptional care. As a team member, you help fulfill our mission to make life better here for our community. The IT Identity Access Management Analyst provides ownership for the administration and support of managing systems access and processes that ensure appropriate user access to the organization's IT resources. The successful candidate will be responsible for design, development, and implementation of identity access management systems, provisioning processes, reviewing user access rights, maintaining access policies, and performing system access audits. The ideal candidate will have a deep understanding of identity and access management principles, as well as familiarity with a wide range of identity audit and management tools.

Required Behaviors:

As you go about fulfilling this mission, your work habits and work relationships should embody SJRMC's values. These values are our culture, our identity as an organization. Sacred Trust, Personal Reverence, Thoughtful Anticipation, Team Accountability and Creative Vitality ask more of us than merely completing some list of tasks. Our values ask for a deeper level of commitment, and what is asked of us we freely give because we believe in our mission.

Required Qualifications:

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field OR 2+ years of progressive, hands-on experience with enterprise access, provisioning, and identity risk mitigation operations.

Proven strong experience with identity access provisioning and administration in a team environment. and developing security posture matrix reporting.

Experience with identity management software such as Active Directory, Okta, Microsoft Identity Manager or Oracle Identity Management.

Excellent knowledge of cyber security principles, information security frameworks, cloud platforms, SSO, directory services, SAML, and data privacy regulations.

Current experience with and a working knowledge of IT security and health industry standard frameworks to lead compliance alignment efforts as it relates to HIPAA, HITECH, NIST CSF, RMF, PCI DSS, and MITRE ATT&CK structures.

Excellent written and verbal communication, excellent organizational ability, demonstrating a strong aptitude for systematic defense and codified analysis.

Demonstrates ethical judgment, confidentiality, privacy, and diligence.

Ability to work in a team environment.

Ability to consistently provide world-class and excellent customer service.

Strong documentation and communication skills.

Manage relationships with trust, honesty, respect, and integrity

Preferred Qualifications:

Industry Standard Certifications: CIAM, CISM, Microsoft MCSE, MCSA, Entra ID Security certifications.

Strong understanding of authentication protocols, such as SAML, OAuth, and Kerberos.

Hands-on experience with attributes-based, role-based, and/or discretionary access permissions principles.

Familiarity with secure EHR integration, medical device network segmentation, and healthcare risk frameworks.

Awareness of HIPAA, HI-TECH, NIST Cybersecurity Framework, and ISO 27001 Security Standards.

Knowledge of IT security operations and ability to communicate technical risks in plain language.

Duties and Responsibilities:
Identity Access Operations Management:

Work with IT leadership to ensure that the program meets the needs of the business and complies with all relevant laws and regulations.

Collaborate with other departments to ensure secure access to systems and data.

Manage user identity lifecycle including onboarding, offboarding, and account updates.

Plan, design, implement, and maintain identity and access management systems.

Administer user accounts, permissions, and access controls.

Analyze user access requirements and develop access policies.

Perform regular audits to ensure security protocols are not being breached.

Manage user identities and determine their access rights.

Ensure compliance with privacy laws and regulations.

Investigate any anomalies or irregularities in system access.

Develop strategies to handle security access incidents and coordinate responses to such incidents.

Train staff on security protocols and the use of identity management software.

Work closely with IT department to align system protocols with company needs.

Monitor, analyze, and respond to provisioning events.

Ensure the continuous availability and effectiveness of security monitoring tools.

Respond to audit findings and implement remediation measures.

Develop and maintain training materials related to identity and access management.

Keep up to date with the latest industry developments and trends.

Performs additional responsibilities across teams as needed to support operational continuity, security posture, and cross-functional collaboration.

Each caregiver is responsible for implementing SJRMC's Service Standards into their daily work: Safety, Courtesy, Effectiveness, Ownership, and Stewardship

Physical Demands and Environmental Work Conditions:

Regularly on-site during scheduled shifts and quickly responsive, remote support when allowed or approved, occasional travel.

Primarily office-based, frequent computer use; could involve long-term walking, standing, bending, or assisting with physical aspects of projects in clinical or administrative areas. Rounding during go-lives is common.

Possible lifting and carrying of IT hardware and materials (up to 50 lbs.).

Participation in scheduled shift coverage and on-call support for emergencies, maintenance, and upgrades.

Maintain a professional appearance, demeanor, and service-oriented communication in all interactions.

---