Mass General Brigham · 17 hours ago
Sr. IAM Analyst - Risk and Compliance
Mass General Brigham is a not-for-profit organization that supports patient care, research, teaching, and community service. The Senior IAM Analyst – Risk & Compliance is responsible for ensuring that Identity and Access Management controls are designed, implemented, and operated in alignment with regulatory, security, and risk management requirements, serving as a liaison between various teams and stakeholders.
Responsibilities
Own and maintain IAM-related controls mapped to frameworks such as NIST 800-53, NIST CSF, HIPAA Security Rule, and Mass General Brigham security policies
Partner with IAM Engineering and Operations teams to ensure controls are properly designed, implemented, and operating effectively
Identify IAM control gaps, assess risk, and drive remediation plans with clear owners and timelines
Evaluate IAM processes for alignment with least privilege, separation of duties, and zero trust principles
Define and report IAM risk and compliance KPIs, such as certification completion and exception rates, orphaned and dormant account trends, privileged access violations, and access request SLA adherence
Use data to identify trends, emerging risks, and opportunities for automation or control enhancement
Contribute to continuous improvement of IAM governance processes and tooling
Act as the primary IAM point of contact for internal audits, external audits, and regulatory inquiries
Prepare audit evidence, narratives, and walkthroughs for IAM controls, including user lifecycle management, access requests and approvals, access certifications, privileged access management, and authentication and authorization controls
Track audit findings, manage remediation efforts, and validate closure
Provide risk and compliance oversight for access certification campaigns (manager, application owner, privileged access)
Define and enforce certification standards, review quality thresholds, and escalation criteria
Analyze certification results to identify systemic risk, role sprawl, or control weaknesses
Develop and maintain IAM-related policies, standards, procedures, and control documentation
Ensure policies are actionable, enforceable, and aligned with technical implementations
Support annual policy reviews and exception management processes
Collaborate closely with IAM Engineering and Operations, Information Security Operations and Program Governance, Privacy and Legal teams, Internal Audit, and Application and Infrastructure owners
Serve as a trusted advisor on IAM risk topics to technical and non-technical stakeholders
Qualifications
Required
5+ years of progressively responsible experience in Identity and Access Management, Information Security, or IT Risk & Compliance, preferably in a large, regulated healthcare or academic medical environment
Demonstrated experience supporting audits, regulatory inquiries, and control remediation efforts related to IAM
Advanced expertise in IAM governance, risk, and compliance, including identity lifecycle controls, access governance, privileged access management, and authentication and authorization models
Strong working knowledge of healthcare regulatory and security frameworks, including HIPAA and NIST-based control models, and the ability to map requirements to technical IAM controls
Hands-on experience assessing and governing IAM controls within enterprise IAM platforms (e.g., IGA, access management, PAM, directory services)
Ability to apply risk-based and analytical thinking to identify control gaps, prioritize remediation, and drive measurable improvements
Strong written and verbal communication skills, with the ability to clearly articulate IAM risk and compliance concepts to technical teams, auditors, and non-technical stakeholders
Proven ability to lead complex initiatives, manage competing priorities, and deliver outcomes in a matrixed enterprise environment
Strong judgment and decision-making skills, with demonstrated ability to evaluate trade-offs and recommend solutions that align with MGB's risk tolerance
Preferred
Bachelor's or Associate's degree
Relevant certifications such as CISSP, CISA, CRISC, or IAM platform certifications (e.g., Saviynt, Okta, CyberArk)
Benefits
Comprehensive benefits
Career advancement opportunities
Differentials
Premiums
Bonuses
Recognition programs designed to celebrate your contributions and support your professional growth
Company
Mass General Brigham
Mass General Brigham specializes in providing medical treatments and health diagnostics services.
H1B Sponsorship
Mass General Brigham has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference (data powered by the US Department of Labor).
Trends of Total Sponsorships: 2025 (77), 2024 (61), 2023 (93), 2022 (70), 2021 (80), 2020 (29)
Funding
Current Stage: Late Stage