Job Description

Newport News, Virginia

The Director Enterprise Identity Services and Cybersecurity serves as a senior cybersecurity leader responsible for the design, implementation, and governance of enterprise identity and access management (IAM) across the health system. This role combines hands-on IAM leadership with senior-level cybersecurity responsibilities, ensuring secure, compliant, and efficient access to clinical, administrative, and third-party systems. The position requires extensive cybersecurity experience in a healthcare environment and direct leadership of an IAM team, supporting patient safety, regulatory compliance, and organizational risk management.

What you will do

• Lead, mentor, and manage the IAM team, including engineers, analysts, and administrators. Define and execute the IAM strategy aligned with organizational cybersecurity and clinical objectives. Oversee user lifecycle management (JML: joiner, mover, leaver) across workforce, clinicians, contractors, and vendors. Manage privileged access management (PAM), role-based access control (RBAC), and least-privilege models.Ensure secure identity integration across EHR (Epic), clinical systems, cloud platforms, and third-party applications. Lead the design and implementation of Identity Governance (IGA) frameworks, specifically defining Separation of Duties (SoD) policies and orchestrating periodic access certifications to ensure the principle of least privilege. Integrate robust Change Management protocols into the IAM lifecycle to ensure that identity-related updates, configuration shifts, and privilege escalations are executed with minimal operational disruption and full audit-ability.
• Serve as a senior cybersecurity leader, collaborating with members of the information security, infrastructure, and application security teams. Assess, mitigate, and manage identity-related cybersecurity risks, including insider threats and credential compromise. Support incident response and breach investigations involving identity, access, or authentication events. Contribute to enterprise security architecture and zero-trust initiatives. Lead security reviews for new systems, integrations, and vendor access.
• Ensure IAM controls meet healthcare regulatory requirements (HIPAA, HITECH, NIST, HITRUST, ISO 27001)
• Support audits, risk assessments, and compliance reporting related to identity security
• Develop and enforce IAM policies, standards, and procedures
• Partner with clinical leadership to balance security, usability, and patient care workflows

Qualifications

Education

• Bachelors Degree, Bachelor’s degree in Information Security, Computer Science, Healthcare Informatics, or related field (or equivalent experience) (Required)

Experience

• 7-10 years Cybersecurity experience, with significant experience in healthcare environments (Required)
• 3-4 years Supervisory experience (Required)

Skills and Abilities

• Experience with Zero Trust Architecture and modern identity security frameworks
• Prior experience supporting large health systems or multi-facility organizations
• Strong knowledge of IAM, PAM, MFA, SSO, directory services, and cloud identity
• Proven experience supporting regulatory compliance and audits in healthcare
• Demonstrated ability to lead cross-functional security initiatives
• Strategic leadership and team development
• Strong communication skills with technical and non-technical stakeholders
• Risk-based decision making in clinical environments
• Ability to balance security, compliance, and patient care priorities
• High level of integrity and accountability

Licenses and Certifications

• CISSP Upon Hire (Preferred)

Other Requirements

• Call Rotation

To learn more about being a team member with Riverside Health System visit us at https://www.riversideonline.com/careers