Lead Director, Identity and Access Management

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary
 

The Director of Identity & Access Management (IAM) is a senior security and engineering leader responsible for building, leading, and sustaining the IAM function for a new CVS Health Venture. This role owns the end‑to‑end IAM program, including strategy, governance, engineering, and operations across a complex hybrid environment spanning Active Directory, Entra ID, GCP IAM, and Privileged Access Management. Operating in a greenfield environment, the Director will establish foundational identity models, access controls, and operating frameworks to deliver a secure, scalable, and audit‑ready IAM capability aligned with HIPAA, SOX, and enterprise security standards.

This leader is accountable for IAM as a business‑critical enterprise program, driving outcomes across security, compliance, and operational performance. The Director will lead and scale a high‑performing organization, establish clear governance and accountability across first and second lines of defense, and influence senior stakeholders on identity related risk and priorities. This role will define the IAM roadmap, advance automation and lifecycle capabilities, and drive continuous improvement as the function matures into a critical enabler of growth and compliance.
 

Role Responsibilities:

IAM Strategy, Governance & Execution

• Own and execute the enterprise IAM program strategy across the hybrid environment (Active Directory, Entra ID, GCP IAM, PAM).
• Define and enforce identity governance frameworks, including tiering models, access controls, and federation across AD, Entra, and GCP.
• Ensure IAM controls meet HIPAA, SOX, and enterprise security standards, partnering with audit, compliance, and legal teams.
• Serve as the primary IAM authority, guiding cross-functional decisions on identity risk, access governance, and control enforcement.

Engineering Leadership & Identity Architecture Oversight

• Provide leadership oversight of identity platform design and configuration, including AD structure, group policy, and permission models.
• Ensure identity access is structured to prevent privilege creep through effective role design, inheritance control, and policy enforcement.
• Oversee Privileged Access Management (PAM), enforcing least privilege and eliminating persistent administrative access.
• Guide implementation of secure identity patterns (e.g., federation, service accounts, VPC Service Controls, emergency access).

Operations, Risk & Service Delivery

• Own IAM operational performance, including KPIs, reporting, audit readiness, and service reliability.
• Establish and maintain runbooks, SOPs, and access lifecycle processes (joiner/mover/leaver).
• Oversee incident response, access escalations, and high-risk revocations, ensuring timely resolution and SLA adherence.
• Lead access reviews, remediation efforts, and continuous improvement of IAM maturity and control effectiveness.
• Ensure disaster recovery, business continuity, and resilience of identity platforms.

Organizational Leadership & Program Build

• Build and lead a high-performing IAM organization, including hiring, structure, and capability development across engineering and operations.
• Establish clear operating models, accountability, and governance across first and second lines of defense.
• Provide executive-level reporting and communication on IAM risks, performance, and maturity.

Innovation, Automation & Continuous Improvement

• Drive automation of identity lifecycle management, provisioning, certification, and compliance reporting.
• Own the IAM roadmap, aligning technology investments with business growth and regulatory requirements.
• Evaluate and implement emerging IAM and PAM technologies to enhance scalability, efficiency, and security posture.

Required Qualifications

• 10+ years of IAM experience, including senior leadership ownership of enterprise identity platforms.
• 7+ years of hands on experience in:
  • Active Directory (cloud and on‑prem), including security hardening and forest‑level controls
  • Entra ID federation and hybrid identity
  • GCP IAM architecture and governance
  • Privileged Access Management
• 7+ years of experience in people management including but not limited to hiring, training and mentorship, team building, etc.
• 5+ years of experience in regulated environments, including HIPAA and SOX impact on identity controls.

Preferred Qualifications

• Demonstrated autonomy, tolerance for ambiguity, and success building identity platforms from zero.
• Demonstrated experience running IAM as a program, with accountability for outcomes.

• Experience with KCC (Config Connector) IAM Policy Member and IAM Service Account resources.
• Familiarity with Wiz IAM analysis and Security Command Center findings.
• Experience with CyberArk, HashiCorp Vault, or similar PAM platforms.
• CISSP, CISM, or GCP Security Engineer certification.
• Healthcare or highly regulated industry experience.

Education

• Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience).

Pay Range

The typical pay range for this role is:

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

Additional details about available benefits are provided during the application process and on Benefits Moments.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.