Principal Identity and Access Management (IAM) Analyst and Developer

HealthPartners is currently hiring a Principal Identity and Access Management (IAM) Analyst and Developer. This is a senior technical leadership role responsible for driving strategic direction, architecture, and hands-on execution across our identity platforms. The principal leads the design, implementation, and evolution of our enterprise-wide identity and access management (IAM) capabilities.

The ideal candidate brings deep IAM expertise, strong security knowledge, and a proven ability to partner with engineering, application, infrastructure, and security teams to mature an identity program. The principal reports to the Manager, Identity and Access Management and collaborates with a dedicated team focused on enterprise security and access solutions.

Required Qualifications:

• Bachelor's degree in Information Technology, Computer Science, or a related field; or an equivalent combination of education and experience. Four (4) years of professional experience will be considered in lieu of a degree.
• Seven (7) years of experience in identity and access management, cybersecurity, or related fields.
• Four (4) years of experience with SailPoint (ISC) administration including application onboarding, provisioning, and certifications.
• Deep knowledge of identity protocols and standards: SAML, OAuth2, OIDC, SCIM, LDAP, Kerberos, X.509.
• Experience designing and implementing Zero Trust, RBAC/ABAC, and modern authentication frameworks.
• Strong scripting and automation capabilities (PowerShell, Java Beanshell, REST APIs).
• Hands-on experience with Privileged Access Management (PAM) solutions.
• Strong architectural background with the ability to create reference designs and drive adoption.
• Excellent communication and stakeholder engagement skills, including translating complex concepts for nontechnical audiences.

Preferred Qualifications:

• Experience working within the healthcare industry.
• Familiarity with compliance frameworks such as SOX, HIPAA, PCI-DSS, NIST, ISO 27001.
• Relevant certifications such as CISSP, CISM, Azure Identity Engineer, Okta Certified Professional, SailPoint Architect.

Hours/Location:

• Monday - Friday; core business hours
• Work may be performed remotely; however, on-site presence is required on Tuesdays and Thursdays to help jumpstart project work.

Responsibilities:

• Serve as the subject matter expert for identity, authentication, and directory services across the organization.
• Evaluate and recommend IAM technologies, tools, and process improvements.
• Coordinates across Business Partners and Information Technology Application Groups to identify access requirements and assists in integrating these requirements into Security Administration tools and processes.
• Analyzes Security Administration processes / workflows, recommends ways to improve efficiency and effectiveness and helps implement the solutions.
• Design and oversee implementation of identity solutions for cloud, hybrid, and on-prem environments.
• Lead modernization initiatives, including lifecycle automation, access governance, and privileged access controls.
• Build scalable, resilient enterprise identity patterns for applications, APIs, and infrastructure.
• Develop automation and orchestration to streamline joiner/mover/leaver processes.
• Collaborate with security operations, compliance, and audit teams to ensure identity controls meet regulatory requirements.
• Mentor junior IAM engineers and provide technical leadership across the IAM function.
• Ensures that HealthPartners access management aligns with IT's security policies and standards.
• Performs other duties as assigned.