**Your Future Evolves Here** Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered. Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a difference _working_ in everything from scrubs to jeans. Are we growing? Absolutely and Globally. In 2021 we grew our teams by almost 50% and continue to grow even more in 2022. Are we recognized as a company you are supported by for your career and growth, and a great place to work? Definitely. Evolent Health International (Pune, India) has been certified as “Great Places to Work” in 2021. In 2020 and 2021 Evolent in the U.S. was both named Best Company for Women to Advance list by Parity.org and earned a perfect score on the Human Rights Campaign (HRC) Foundation’s Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality. We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you’re looking for a place where your work can be personally and professionally rewarding, don’t just join a company with a mission. Join a mission with a company behind it. **What You’ll Be Doing:** The Lead IAM Engineer reports to the IAM Leader and sits under the IT function. The Lead IAM Engineer provides technical expertise on areas of authentication, authorization, access management, privileged access management, identity governance and administration, IAM modernization for humans and machines. In this role, you will design, implement, and maintain our IAM infrastructure to ensure secure and efficient access management across our digital ecosystem. You will play a crucial role in supporting Evolent’s digital transformation by leveraging cutting-edge technologies and best practices in identity and access management. **Responsibilities** + Privileged Access Management: + Develop and implement security policies, procedures, and best practices related to privileged access + Implement PAM solution, ensuring seamless access, operation resilience and user-friendly functionality + Integrate PAM tools with a wide range of security and IT systems + Identity Governance and Administration: + Manage humans and machines in a hybrid and multi-cloud environment. + Life-cycle of accounts. + Life-cycle entitlements based on responsibilities. + Access Management: + Define and enforce policies to control access to resources. + Implement access control models, such as RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control). + Roll out authentication mechanisms and author adaptive access policies. + Define user journeys , including identity verification, aggregate risk scores and control access. + Integrate applications and services with IAM capabilities such as federation, life-cycle management and privileged access management. + Security and Compliance: + Conduct IAM audits and assessments to identify and remediate risks. + Implement security controls to protect IAM systems from unauthorized access and attacks. + Ensure systems comply with relevant security standards and regulations, such as PCI DSS, HIPAA,. + Monitoring and Reporting: + Monitor IAM systems for anomalies and potential security threats. + Generate reports on IAM activity and access patterns. + Provide insights to management on IAM risks and compliance status. + IAM system design and implementation: + Work with IT architects and engineers to design and connect APIs, services and applications to IAM systems. + Evaluate and integrate IAM tools and technologies. + Develop and test IAM configurations. + IAM training and support: + Provide training to IT staff and business users on IAM policies and procedures. + Troubleshoot IAM-related issues and support users with access problems. + Document IAM policies, procedures, and configurations. + Staying up-to-date with IAM trends and technologies: + Attend IAM conferences and workshops. + Read IAM-related blogs, articles, and whitepapers. + Participate in IAM communities and forums. **Requirements** A successful Lead IAM Engineer candidate will have the expertise and skills described below. + Bachelor’s degree in computer science, information systems, cybersecurity, or a related field. + **5-7** years of dedicated Privileged Access Management & identity governance and administration experience. + **5-7** years of information technology administration experience or equivalent combination of work and educational experiences. + **5-7** years designing and implementing identity solutions. + Advanced knowledge of identity technologies and concepts. + Advanced knowledge of Active Directory, Single-Sign On (SSO), and Federated Identities. + Proven direct experience with developing/architecting solutions using two or more leading IAM Solution providers such as Azure Entra ID, Delinea, CyberArk, BeyondTrust. + Familiarity with scripting languages, such as PowerShell and Python, to automate IAM tasks + Knowledge of relevant IT infrastructure and security concepts, such as networking, operating systems, and security protocols. + Excellent knowledge of MFA, risk based and adaptive access control and protocols such as OpenID Connect, SAML, OAuth 2.0 and SCIM + Strong understanding of risk management, disaster recovery, business continuity, IT security architecture, and IT regulatory compliance **Knowledge and Skills** + Methodical and able to follow documented procedures and instructions + Ability to keep meticulous and consistent documentation of processes, architecture, and solutions + Excellent problem-solving and analytical skills, with the ability to independently analyze reported issues, document, and recommend solutions + Ability to collaboratively work with technical and non-technical staff, as well as upper management **Mandatory Requirements:** We require that all employees have the following technical capability at their home: High speed internet over 10 Mbps, the ability to plug in directly to the home internet router. These at-home technical requirements are subject to change with any scheduled re-opening of our office locations. ​ **Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status** . Don't see the dream job you are looking for? Drop off your contact information and resume and we will reach out to you if we find the perfect fit!