IT Consultant - Identity & Access Management

At Duke Health, we're driven by a commitment to compassionate care that changes the lives of patients, their loved ones, and the greater community. No matter where your talents lie, join us and discover how we can advance health together.

About Duke Health Technology Solutions

Pursue your passion for caring and innovation with Duke Heath Technology Solutions, which is dedicated to the transformation, development, and management of enterprise information technology solutions across Duke Health.By harnessing the power of innovative technologies like cloud computing and artificial intelligence - and pairing them with a forward-thinking approach - Duke Health Technology Solutions is revolutionizing the future of health care at Duke Health and beyond.

IT Consultant

Strategic Activities:

• IAM Strategy & Roadmap: Support a long-term IAM strategy, aligning identity/access management initiatives with business goals and security best practices. Define the IAM architecture (covering identity lifecycle, authentication/authorization models, and governance policies) and collaborate to create a roadmap for implementing new IAM technologies and processes.
• Governance & Compliance: Participate in establishing and enforcing IAM policies and standards (e.g., access control policies, password/MFA requirements, role-based access models) to ensure compliance with relevant regulations and internal security requirements. Advise senior leadership on IAM risk and governance matters, integrating IAM considerations into broader IT and security strategies (e.g., Zero Trust, least privilege).
• Cross-Functional Collaboration: Work closely with IT, security, and business units to incorporate IAM into projects and operations. Coordinate identity integration during organizational changes (such as mergers or restructuring of departments), including merging directory or domain infrastructures when necessary. Serve as an IAM subject matter expert in committees and planning groups, ensuring alignment across the organization.

Tactical Activities:

• Implementation of IAM Solutions: Collaborate with stakeholders on the configuration of IAM technologies. This includes setting up and managing Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions, configuring identity federation with external/internal systems, and implementing privileged access management tools. Customize IAM platforms or scripts to automate provisioning, deprovisioning, and access reviews.
• User Lifecycle & Access Management: Represent Duke Health in end-to-end user identity lifecycle processes. Ensure timely provisioning of accounts and access for new hires, role changes, and terminations in all relevant systems. Maintain role-based access control (RBAC) frameworks and group management, verifying that users have appropriate access privileges. Regularly perform access recertification and audits, and remediate any discrepancies in permissions.
• Security Monitoring & Issue Resolution: Represent Duke Health in defining the strategy for monitoring IAM systems (logs, alerts, etc.) for unusual access patterns or security events, and respond to identity-related security incidents (such as account compromises or unauthorized access). Troubleshoot and resolve IAM-related technical issues, including login/authentication failures, authorization errors, and directory synchronization problems. Provide support and guidance to IT support teams for complex access requests or issues, and create documentation/KB articles for common procedures.
• Continuous Improvement & Integration: Stay up-to-date with evolving IAM best practices and emerging technologies. Recommend and implement improvements to enhance security, user experience, and efficiency (for example, introducing passwordless authentication options or improving self-service access request workflows). Work on integrating new applications and services into the existing IAM framework, ensuring any new technology (cloud service, enterprise app, etc.) uses centralized identity and access management for consistency and security.

Education/Training:

• Bachelor's Degree: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field or equivalent work experience.

Required Experience:

• Identity & Access Management: 5+ years of experience in IT with significant focus on Identity and Access Management. This should include hands-on responsibility for implementing or managing IAM solutions (such as directories, SSO/MFA, identity governance, or privileged access management) in a complex enterprise environment.
• Azure AD/Entra & Active Directory Expertise: Strong experience with Microsoft Active Directory (on-premises) and Azure Active Directory/Microsoft Entra ID in a hybrid environment is required . Candidate should have been involved in projects synchronizing AD with Azure AD and ideally have led or contributed to migrating on-prem AD infrastructure to Azure cloud services. Familiarity with tools like Azure AD Connect or Entra Cloud Sync, and resolving issues in hybrid identity setups, is expected.
• Technology Implementation Track Record: Demonstrated ability to design and implement IAM technologies and processes. Examples include deploying an enterprise SSO solution, rolling out MFA to a large user base, implementing an identity governance platform, or establishing a privileged account management process. The candidate should be able to point to specific IAM projects or improvements they were responsible for and the outcomes achieved.
• Project Leadership: Experience leading or significantly contributing to the execution of IT security or IAM projects. This includes coordinating across different teams or departments, managing timelines and deliverables, and possibly working with vendors or external consultants. The role requires the ability to take ownership of IAM initiatives and drive them to completion, so project management skills in an IAM context are important.
• Security & Compliance Experience: Background in environments with rigorous security or compliance requirements. The candidate should understand how IAM supports compliance standards (such as SOX user access controls, HIPAA for healthcare data security, or GDPR for personal data protection) and have experience passing security audits or assessments related to access management. Experience implementing controls to meet regulatory or policy requirements (for instance, enforcing MFA, performing quarterly access reviews, or implementing least-privilege models) is required.

Preferred Experience:

• Sector Experience (Healthcare/Education): Prior experience in an academic medical center, university, or healthcare environment is strongly preferred . Such experience means the candidate is familiar with the unique IAM challenges of these settings - for example, managing identities across both university and healthcare systems, dealing with research collaborators or medical staff rotations, and ensuring compliance with healthcare regulations.
• Mergers & Identity Consolidation: Experience with merging or consolidating identity systems (such as during mergers, acquisitions, or organization-wide IT integrations) is a plus. This could involve consolidating multiple Active Directory domains/forests, integrating separate user databases, or migrating users into a single directory service. Experience in this area indicates the ability to navigate complex technical and organizational challenges while unifying identity platforms.
• Cloud IAM & Digital Transformation: Involvement in large-scale cloud adoption projects, specifically handling the IAM portion of such projects, is preferred. For instance, having guided an organization's shift from on-prem IAM to cloud-based IAM services, or implementing modern authentication and authorization solutions for cloud applications (like adapting legacy apps to use SAML/OAuth with Azure AD). This shows readiness to handle the cloud-centric IAM strategy the role demands.

Required Skills:

• IAM Domain Knowledge: Deep understanding of identity and access management concepts, protocols, and best practices. Must be well-versed in authentication technologies (LDAP, Kerberos, SAML, OAuth 2.0/OIDC, etc.), authorization models (RBAC, ABAC), and identity lifecycle processes. Ability to design secure and efficient access models (e.g., applying least privilege, implementing role-based access controls) is essential.
• Microsoft Identity & Cloud Skills: Expert skills in administering Active Directory and Azure Active Directory (Entra) . This includes user and group management, group policy creation, managing AD forests/domains, setting up and troubleshooting Azure AD Connect, and configuring Conditional Access policies. Comfort with PowerShell or similar for automating IAM tasks is expected. Additionally, familiarity with related Microsoft security features (Azure MFA, Identity Protection, Privileged Identity Management) is important.
• Security Mindset: Strong security and risk management mindset as it relates to IAM. The consultant should be adept at identifying potential vulnerabilities in identity systems (like password policies, service account misuse, inactive accounts) and implementing measures to mitigate them. Must understand concepts like Zero Trust security and how robust IAM controls (MFA, device compliance, just-in-time access) contribute to overall cybersecurity.
• Analytical Problem-Solving: Excellent problem-solving skills to diagnose and resolve complex identity/access issues. Whether it's a user having inconsistent access across systems or a synchronization conflict between directories, the consultant should systematically troubleshoot and resolve the problem. Attention to detail is key, as IAM issues often involve subtle configuration settings or data inconsistencies.
• Communication & Documentation: Clear communication skills, both written and verbal. Able to explain IAM concepts and changes to non-technical stakeholders (for instance, explaining the need for MFA to end-users or outlining an IAM roadmap to executives). Should be skilled at writing documentation-such as IAM policies, how-to guides for users, and runbooks for IT teams-and at training technical staff on new IAM tools or processes.
• Collaboration & Teamwork: A collaborative approach to work with various teams. The IAM consultant will engage a variety of teams across both Duke Health and Duke University. Being able to gather requirements, incorporate feedback, and work together to implement identity solutions is crucial. Strong interpersonal skills will help drive user adoption of IAM initiatives and ensure alignment across different stakeholders.

Preferred Skills:

• Certifications: Professional certifications related to security and IAM are a plus. These include certifications like CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or Microsoft Certified: Azure Solutions Architect / Identity and Access Administrator . Such certifications demonstrate validated expertise and a commitment to staying current in the field.
• Additional IAM Tools & Technologies: Experience with a range of IAM and security tools beyond the core Microsoft suite is beneficial. For example, familiarity with identity governance products (e.g., SailPoint), cloud SSO platforms (e.g., Okta), or privileged access management solutions (e.g., CyberArk). Knowledge of multi-cloud IAM (such as AWS IAM) can also be an advantage, indicating versatility across different environments.
• Industry-Specific IAM Knowledge: Understanding of identity management needs and solutions specific to healthcare or higher education is desirable. For instance, awareness of clinical single sign-on systems or hospital badge access solutions, or knowledge of academic federated identity frameworks and student access systems. Likewise, familiarity with regulations like HIPAA or FERPA and how they impact IAM policies would be valuable.
• Change Management & User Education: Skill in driving user adoption of new IAM solutions. This includes experience in change management activities like creating user communication plans, training sessions, and support resources when rolling out new authentication methods or IAM tools. An ability to make the transition to new processes smooth for users (minimizing resistance and confusion) is a strong plus.
• Leadership & Mentoring: The ability to lead and mentor others in the realm of IAM. Whether it's guiding junior IT staff on IAM best practices, or leading an internal IAM workgroup, leadership skills help in championing the IAM program. A candidate who can foster knowledge sharing and elevate the overall IAM competence of the team will be highly regarded.

Duke is an Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex (including pregnancy and pregnancy related conditions), sexual orientation or military status.

Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

Essential Physical Job Functions:

Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physic

Required

Preferred

Job Industries

• Other