Sr. IAM Analyst - Risk and Compliance jobs in United States

Mass General Brigham · 11 hours ago

Sr. IAM Analyst - Risk and Compliance

Mass General Brigham is a not-for-profit organization dedicated to advancing patient care, research, teaching, and community service. They are seeking a Senior IAM Analyst – Risk & Compliance to ensure that Identity and Access Management controls align with regulatory, security, and risk management requirements, acting as a liaison between various teams and managing IAM governance and audit readiness.

Health Care · Home Health Care · Medical
H1B Sponsor Likely

Responsibilities

Own and maintain IAM-related controls mapped to frameworks such as NIST 800-53, NIST CSF, HIPAA Security Rule, and Mass General Brigham security policies
Partner with IAM Engineering and Operations teams to ensure controls are properly designed, implemented, and operating effectively
Identify IAM control gaps, assess risk, and drive remediation plans with clear owners and timelines
Evaluate IAM processes for alignment with least privilege, separation of duties, and zero trust principles
Define and report IAM risk and compliance KPIs, such as certification completion and exception rates, orphaned and dormant account trends, privileged access violations, and access request SLA adherence
Use data to identify trends, emerging risks, and opportunities for automation or control enhancement
Contribute to continuous improvement of IAM governance processes and tooling
Act as the primary IAM point of contact for internal audits, external audits, and regulatory inquiries
Prepare audit evidence, narratives, and walkthroughs for IAM controls, including user lifecycle management, access requests and approvals, access certifications, privileged access management, and authentication and authorization controls
Track audit findings, manage remediation efforts, and validate closure
Provide risk and compliance oversight for access certification campaigns (manager, application owner, privileged access)
Define and enforce certification standards, review quality thresholds, and escalation criteria
Analyze certification results to identify systemic risk, role sprawl, or control weaknesses
Develop and maintain IAM-related policies, standards, procedures, and control documentation
Ensure policies are actionable, enforceable, and aligned with technical implementations
Support annual policy reviews and exception management processes
Collaborate closely with IAM Engineering and Operations, Information Security Operations and Program Governance, Privacy and Legal teams, Internal Audit, and Application and Infrastructure owners
Serve as a trusted advisor on IAM risk topics to technical and non-technical stakeholders

Qualification

IAM governance, Risk management, Compliance frameworks, Audit support, CISSP, CISA, CRISC, IAM platforms, Analytical thinking, Communication skills, Decision-making

Required

5+ years of progressively responsible experience in Identity and Access Management, Information Security, or IT Risk & Compliance, preferably in a large, regulated healthcare or academic medical environment
Demonstrated experience supporting audits, regulatory inquiries, and control remediation efforts related to IAM
Advanced expertise in IAM governance, risk, and compliance, including identity lifecycle controls, access governance, privileged access management, and authentication and authorization models
Strong working knowledge of healthcare regulatory and security frameworks, including HIPAA and NIST-based control models, and the ability to map requirements to technical IAM controls
Hands-on experience assessing and governing IAM controls within enterprise IAM platforms (e.g., IGA, access management, PAM, directory services)
Ability to apply risk-based and analytical thinking to identify control gaps, prioritize remediation, and drive measurable improvements
Strong written and verbal communication skills, with the ability to clearly articulate IAM risk and compliance concepts to technical teams, auditors, and non-technical stakeholders
Proven ability to lead complex initiatives, manage competing priorities, and deliver outcomes in a matrixed enterprise environment
Strong judgment and decision-making skills, with demonstrated ability to evaluate trade-offs and recommend solutions that align with MGB's risk tolerance

Preferred

Bachelor's or Associate's Degree preferred
Relevant certifications such as CISSP, CISA, CRISC, or IAM platform certifications (e.g., Saviynt, Okta, CyberArk) – Preferred

Benefits

Comprehensive benefits
Career advancement opportunities
Differentials
Premiums
Bonuses
Recognition programs

Company

Mass General Brigham

Mass General Brigham specializes in providing medical treatments and health diagnostics services.

H1B Sponsorship

Mass General Brigham has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (77)
2024 (61)
2023 (93)
2022 (70)
2021 (80)
2020 (29)

Funding

Current Stage
Late Stage

Leadership Team

Erin Flanigan
SVP, Human Resources, Community, Specialty Hospital Division
O’Neil A. Britton
Chief Integration Officer, Executive Vice President
Company data provided by crunchbase