Associate Director, Information Security Engineering - IAM

About The Role

We're looking for an experienced and dynamic Associate Director of Information Security Engineering to build and lead our Identity and Access Management (IAM) Engineering and Architecture function. This role acts as a key operational and strategic leader, responsible for the strategy, design, and execution of our IAM, Identity Governance and Administration (IGA), and Privileged Access Management (PAM) initiatives.

You will mature our identity program and enhance our security posture to prepare for an AI-enabled, autonomous era. You will provide hands-on technical leadership, define enterprise identity architecture, and partner closely with Security Operations, Cloud Security, IT, Application Engineering, Enterprise Architecture, HR, Risk, Audit, and Compliance to reduce identity risk and enable the business securely.

This role is eligible for our Flex Persona for candidates local to our Boston, MA office.

Your Day to Day

• Partner with senior leadership and your product management counterpart to define and execute the technical strategy and roadmap for IAM, IGA, and PAM, aligned with Zero Trust principles.

• Serve as the lead design authority for all identity security architecture, defining the enterprise standards, patterns, and engineering decisions to be followed.

• Lead the end-to-end engineering lifecycle for all workforce and customer IAM solutions, including authentication, authorization, SSO, MFA, and conditional access.

• Drive the automation of Identity Governance and Administration (IGA), including joiner/mover/leaver (JML) processes, access certifications, and the implementation of role-based and attribute-based access models (RBAC/ABAC).

• Own and mature the enterprise Privileged Access Management (PAM) program, focusing on reducing standing privileges through credential vaulting, rotation, and Just-in-Time (JIT) access.

• Architect modern identity solutions for cloud platforms (AWS, Azure, GCP) and SaaS ecosystems, securing federated identities, APIs, and non-human workload identities.

• Partner with Cloud and Platform teams to embed identity controls directly into CI/CD pipelines and DevOps workflows (DevSecOps).

• Lead the integration of IAM, IGA, and PAM telemetry with SIEM and SOAR platforms to enhance the organization's threat detection and response capabilities.

• Act as the senior technical expert during security investigations and incident response related to account compromise, privilege escalation, and insider risk.

• Lead the strategy for the intersection of AI and Identity by both governing the secure implementation of AI-enabled identity capabilities and architecting the identity framework required to secure the company's AI platforms and non-human workloads.

• Drive key, cross-functional IAM initiatives from concept to completion, defining and tracking measurable outcomes tied to risk reduction and operational efficiency.

• Lead, mentor, and grow a high-performing team of security engineers and architects, fostering a culture of innovation and excellence.

• Build strong, collaborative relationships with stakeholders across IT, Engineering, HR, Legal, and Risk to ensure IAM services enable the business securely.

• Communicate identity risks, architecture decisions, and program progress effectively to executive stakeholders.

What We're Looking For

• Deep IAM Domain Expertise:A leader with the ability to translate strategy into concrete engineering execution and act as the sole IAM architecture and engineering authority in a complex enterprise.

• Strategic & Tactical Execution:A proven ability to think strategically to create a long-term vision and the tactical skills to drive the execution of that vision.

• Problem-Solving:The ability to own complex problems from start to finish, driving toward creative and effective solutions in a dynamic environment.

• Leadership & Influence:A collaborative leader who seeks input, fosters partnerships, and can influence effectively across all levels of the organization, delivering crisp, concise messages tailored for maximum impact.

What You Bring

• Bachelor's degree in Computer Science, Information Security, or a related field.

• 10+ years of experience in information security, with a minimum of 5 years in a leadership role focused on building and managing an IAM/IGA/PAM program in a large, complex enterprise.

• Expert-level knowledge of identity protocols (SAML, OAuth 2.0, OpenID Connect)

• Hands-on experience with leading IAM, IGA, and PAM solutions (e.g., Active Directory, Entra ID, SailPoint, Ping, ForgeRock, Delinea).

• Solid experience managing and mentoring senior engineers and technologists.

• Strong understanding of cloud security (AWS, GCP, Azure) and experience securing SaaS, APIs, and non-human identities.

• Master's degree and/or relevant certifications (e.g., CISSP, CISM, CCSP) are preferred.

• Exposure to Zero Trust architecture and securing GenAI platforms is a plus.

What You'll Gain:

In this role, you will drive the technical vision for the enterprise Identity and Access Management strategy, serving as the definitive engineering and architecture leader for all IAM, IGA, and PAM initiatives. You will gain significant executive visibility, partnering directly with security leadership and your peer in IAM Product & Operations to make decisions that materially reduce risk and enable the business at scale. This is a unique opportunity to architect modern identity controls across a cutting-edge landscape of cloud, SaaS, and GenAI platforms while leading a high-performing engineering team, placing you at the intersection of strategy and execution and on a clear path to broader enterprise security leadership.

It is our mission at Blue Cross Blue Shield of Massachusetts to foster a culture that enables associates to do their best work while living happy and healthy lives. That's why we offer you a variety of ways to support your best physical, emotional, financial, and social well-being. For more information on our benefit offerings, visit https://careers.bluecrossma.org/us/en/benefits

High school degree or equivalent required unless otherwise noted above

The job posting range is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors including, but limited to, relevant education, qualifications, certifications, experience, skills, performance, shift, travel requirements, sales or revenue-based metrics, and business or organizational needs and affordability.

This job is also eligible for variable pay.

We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and a suite of well-being benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.

WHY Blue Cross Blue Shield of MA?

We understand that theconfidence gapandimposter syndromecan prevent amazing candidates coming our way, so please don't hesitate to apply. We'd love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, , your perspectives, and your experiences. It's in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.

As an employer, we are committed to investing in your development and providing the necessary resources to enable your success. Learn how we are dedicated to creating an inclusive and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path by visiting ourCompany Culturepage. If this sounds like something you'd like to be a part of, we'd love to hear from you. You can also join ourTalent Communityto stay "in the know" on all things Blue.

At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. For more information on how we work and support that work/life balance visit our "How We Work" Page.