Identity Access Management (IAM) Architect

The Massachusetts Executive Office of Health and Human Services (EOHHS) is the largest secretariat in MA state government, comprised of 16 agencies with over 20,000 employees statewide. EOHHS services directly touch the lives of slightly more than 1 in 4 residents in the Commonwealth - some of our most vulnerable children, youth, adults, and elders. EOHHS provides access to medical and behavioral health care, substance misuse treatment, long term services and support, and nutritional and financial benefits to those with low incomes. We connect elders, individuals with disabilities, and veterans with employment opportunities, housing, and supportive services. We steer troubled youth towards a more successful path and do everything possible to keep children in our child welfare system safe. We support individuals who are developmentally disabled, mentally ill, blind, deaf, or hard of hearing.

EOHHS is seeking to hire an Identity Access Management (IAM) Architect to join the EOHHS Technology Office and assist with strategic planning and tactical implementation of our next generation Enterprise-wide IAM solution across a majority of EOHHS internal and client-facing applications. The IAM Architect will be responsible for providing architectural and technical solution support and to work on modernizing the IAM solution to fall within the Executive Office of Technology Services and Security (EOTSS) guidelines. The incumbent will also collaborate with business stakeholders and application development teams from multiple EOHHS agencies to implement a standard based secure IAM solution.

The primary work location for this role will be at 100 Hancock Street, Quincy, Massachusetts 02171. The work schedule for this position is Monday thru Friday, 9:00AM to 5:00PM EST.

This position will follow a hybrid model of reporting that combines in-office workdays and work from home days as needed. This position is expected to perform occasional after hours support as authorized and required.

Duties and Responsibilities:

• Provide technical leadership in IAM technologies, architectures, and solutions
• Collaborate with business stakeholders and application development teams from multiple EOHHS agencies to define, architect, and implement a standard based secure IAM solution that is scalable, robust, and performant while fulfilling business requirements and the Commonwealth of Massachusetts' security guidelines
• Architect solutions for new and more dynamic environments with Agile, DevOps, containers, microservices, stateless architectures, and APIs
• Document and present technical architecture and design with a focus on architectural standards, growth, performance, flexibility, reliability, scalability, and security
• Develop detailed plans and execution in security administration to meet the needs of applications hosting PII and PHI data sets
• Define, plan, and design innovative Identity Management solutions to meet the needs of B2B and B2C segments of IAM
• Lead technical efforts between teams to proactively resolve issues with applications, performance, infrastructure, and configurations while serving as a final escalation point for IAM tools while providing and maintaining accurate documentation
• Ensure a strong understanding of IAM best practices and requirements by building strong relationships and proactively engaging to safely maintain and track access
• Develop seamless and transparent migration strategies from legacy IAM integrations with minimal impact to business processes, workflows, and user communities
• Oversee new developments and life-cycle management of the services related to Identity Governance and Administration services
• Identify, implement, and improve current processes by identifying gaps and recommending/delivering changes and enhancements to support controls, data quality, security risk reduction, scalability, efficiency, and regulatory compliance
• Partner with application owners and leaders to address business and technical issues involved in deploying, governing, and extending identity services

Preferred Knowledge, Skills, and Abilities:

• Two (2) years of experience as an IAM Architect using modern enterprise authentication and access management technologies
• Four (4) years of experience as a lead IAM Developer for large scale enterprise applications
• Eight (8) years of IT experience providing solutions and integrations in a large technology enterprise environment
• Professional experience in the healthcare domain preferred
• Proven hands-on experience with developing/architecting solutions using two or more leading IAM Solution providers such as Azure AD, Oracle OAIM, and ForgeRock
• Demonstrated experience with performance management and capacity planning for large scale enterprise applications
• Thorough understanding of modern enterprise architecture and hands-on experience with Enterprise Application frameworks
• Excellent knowledge of authentication protocols such as SAML, OpenID Connect, OAuth, MFA, and Risk Based Authentication
• Ability to translate business strategies and project portfolios into short and long-term architectural plans, detailed requirements, and models
• Strong understanding of risk management, disaster recovery, business continuity, IT security architecture, and IT regulatory compliance
• Ability to comprehend and leverage the functions and capabilities of new technologies
• Ability to create estimations of time and resource requirements for different activities and determine which activities can be completed in parallel and in sequence

• Methodical and able to follow documented procedures and instructions
• Ability to keep meticulous and consistent documentation of processes, architecture, and solutions
• Strong multitasking and time management skills with the ability to prioritize effectively and efficiently
• Excellent problem-solving and analytical skills, with the ability to independently analyze reported issues, document, and recommend solutions
• Ability to collaboratively work with technical and non-technical staff, as well as upper management
• Excellent communication and writing skills with the ability to clearly communicate technical concepts to both technical and non-technical audiences across all levels of an organization

Education and Certifications:

• Bachelor's degree in Computer Science, Information Technology, or related field required or equivalent work experience
• Cyber Security Certification preferred
• CISSP, CISM, or equivalent certification preferred

A criminal background check will be completed on the recommended candidate as required by the regulations set forth by the Executive Office of Health and Human Services prior to the candidate being hired. For more information, please visit .

Education and license/certification information provided by the selected candidate(s) is subject to the Massachusetts Public Records Law and may be published on the Commonwealth's website.

If you require assistance with the application/interview process and would like to request an ADA accommodation, please click on the link and complete the .

For questions, please the contact the Office of Human Resources at 1-800-510-4122 and select option #2.

First consideration will be given to those applicants that apply within the first 14 days.

Please see Preferred Qualifications.

Comprehensive Benefits

When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.

Want the specifics?

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.