Lead Information Security Engineering - IGA Solutions

Ready to help us transform healthcare? Bring your true colors to blue. 

Position Summary:

We are seeking a highly skilled Senior Information Security Engineering Lead with expert-level knowledge of SailPoint to provide production support and drive the architecture and implementation of our identity governance solutions. Develop the SailPoint engineering plaform for managing the lifecycle events of all BCBSMA associates and contractors, including account creation, suspension, and access to critical applications. As we expand SailPoint’s role to manage more auditable application access, this position will play a key role in ensuring the platform’s stability, scalability, and alignment with business needs.

The ideal candidate will possess deep technical expertise in SailPoint, strong leadership capabilities, and the ability to collaborate across teams to enhance the company’s security posture while enabling business operations.

• Collaborate with the IAM team and key stakeholders to understand technical requirements and translate business requirements into technical specifications for IdentityNow or Identity Security Cloud
• Deliver high-quality, secure SailPoint solutions including enhancements, upgrades, and optimizations to meet evolving business and security needs
• Technical hands-on engineering experience with IGA capabilities including application onboarding, RBAC, access request configuration, access reviews and lifecycle events
• Perform hands-on configuration and customization of the SailPoint IdentityNow or Identity Security Cloud platform to meet specific needs
• Configure and integrate SailPoint IdentityNow or Identity Security Cloud with other applications, directories, and systems as required
• Document the design, configuration, and customizations made to the SailPoint IdentityNow or Identity Security Cloud platform
• Work closely with the IAM Architect, implementation partner and other team members to ensure seamless delivery of the IAM solution
• Define and enforce access control policies, including role-based access control (RBAC), least privilege principle, and segregation of duties (SoD).
• Monitor, troubleshoot and resolve incidents related to SailPoint within SLA timelines
• Prepare root cause analysis documentation for critical incidents and permanently fix recurring issues
• Communicate and coordinate with internal teams to ensure efficient incident escalation and resolution
• Monitor system performance and optimize configurations
• Work with application and security teams to troubleshoot provisioning, authentication and access-related issues
• Ensure compliance with security policies, audit requirements and industry standards
• Support audits by providing documentation, logs or reporting as needed
• Assist in resolving identity synchronization issues and data discrepancies

Technical Expertise:

• In-depth knowledge of SailPoint features and functionality
• Understanding of IAM concepts like RBAC, SOD, and attribute-based access control
• Knowledge of data integration tools and connectors used with SailPoint
• Experience with ITSM tools such as ServiceNow and JIRA

• Strong knowledge of SailPoint architecture, configurations, capabilities and workflows
• Experience with Identity Access Management and Identity Governance Administration best practices and industry standards

Qualifications

• SailPoint Certified Engineer (IdentityNow or Identity Security Cloud)
• 3+ years of direct experience within Identity Access Management (IAM)
• 3+ years of hands-on technical IAM engineering experience
• 2+ years of SailPoint Identity Security Cloud / IdentityNow engineering experience
• 3+ years of experience with one or more of the following: JAVA, PowerShell, REST API integration, BeanShell & Database Technologies

Key Accountabilities:

SailPoint Platform Management

• Provide expert-level production support for SailPoint Identity Governance solutions, ensuring high availability and performance
• Oversee the lifecycle management of identities, including account provisioning, de-provisioning, and access governance for associates and contractors
• Manage critical application access through SailPoint and lead efforts to onboard additional auditable applications into the platform

Architecture & Implementation

• Serve as the architect for SailPoint solutions, designing scalable and secure integrations with enterprise systems
• Lead the implementation of new features and functionalities within SailPoint to meet evolving business requirements
• Ensure adherence to best practices for identity governance, including compliance with industry standards

Cross-Functional Collaboration

• Partner with ET, application teams, compliance, audit, and business teams to align SailPoint capabilities with organizational goals
• Act as a subject matter expert (SME) for identity governance solutions during audits or security reviews
• Collaborate on initiatives to unify decentralized identity management processes into a centralized governance model

Risk Management & Compliance

• Identify and mitigate risks related to identity governance and access management
• Ensure that all processes comply with regulatory requirements (e.g., HIPAA) and internal security policies

Automation & Optimization

• Leverage SailPoint’s advanced features (e.g., AI-driven automation) to streamline identity processes and reduce manual workloads
• Optimize workflows for provisioning, de-provisioning, and access certifications to improve efficiency and reduce errors

Monitoring & Reporting

• Develop metrics and dashboards to monitor the health of the SailPoint platform and report on key performance indicators (KPIs).
• Conduct root cause analysis for incidents related to identity governance and implement corrective actions

Key Competencies

Adaptability & Growth

• Actively seeks information and instructs others to understand changes
• Adapts leadership work style to fit environment
• Capable of leading others to follow through on cross-functional tasks.

Analyzing Needs & Proposing Solutions

• Owns problems and solutions.  Empowers teams to make decisions and own solutions to problems instead of constant escalation.
• Draws upon diverse sources for ideas and inspiration in creative problem-solving activities
• Considers the implications of the recommended solution in light of the culture and context of BCBSMA

Fostering Teamwork & Collaboration

• Seeks and develops suggestions from others, drives partnering relationships
• Uses appropriate influencing techniques to gain genuine agreement.
• Persists by using different approaches

Building Trust

• Understands and represents multiple perspectives so that others understand positions and policies
• Champions the perspectives of different partners even in the face of resistance
• Serves as a role model for others.

Communicating Effectively

• Creates plans for communicating information to business partners
• Employs diverse media to summarize and convey results depending on the audience
• Recognized as business unit expert in external communication, serves as a role model for others.

Influencing & Negotiating

• Provides counseling and guidance to others in developing convincing rationale based on the business case
• Anticipates and handles objections
• Able to advocate for effective solutions while acknowledging diverse viewpoints.

Acting with Urgency

• Regularly takes actions that go beyond requirements to achieve objectives
• Provides leadership and direction for project execution
• Provides expertise to identify potential problems and executes adjustments to project timelines, tasks and resources allocation as required.

Leadership Responsibilities

• Works cross functionally to facilitate and organize actions to meet division and corporate goals
• Assumes a lead role in collaborating to influence actions and decisions to positively impact business and financial results.
• Supports development and implementation of sound business initiatives across the division and BCBSMA.
• Champions process improvements fostering ownership and empowerment across the project teams, IT and the organization.
• As assigned, management of day to day work for Vendor/Outsource Analysts on the project team, and performance feedback.

Background and Experience

• Bachelor’ degree in Computer Science, Cybersecurity, or a related field (Master’s preferred)
• Minimum of 8+ years of experience in information security engineering or identity governance roles, with at least 5 years focused on SailPoint solutions
• Expert-level knowledge of SailPoint IdentityIQ or IdentityNow platforms, including architecture design, configuration, deployment, and support
• Deep understanding of identity lifecycle management, access request workflows, provisioning/de-provisioning processes, and role-based access control (RBAC)
• Familiarity with integrating SailPoint with enterprise applications such as Active Directory, HR systems (e.g., Workday), cloud platforms (AWS/Azure), and other SaaS tools
• Excellent written and verbal communication skills
• Influencing/negotiation skills
• Interpersonal/relationship management skills.

#LI-Hybrid

Minimum Education Requirements:

High school degree or equivalent required unless otherwise noted above

Location

Boston

Time Type

Full time

Salary Range: $160,290.00 - $195,910.00

The job posting range is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting.  We may ultimately pay more or less than the posted range, and the range may be modified in the future.  An employee’s pay position within the salary range will be based on several factors including, but limited to, relevant education, qualifications, certifications, experience, skills, performance, shift, travel requirements, sales or revenue-based metrics, and business or organizational needs and affordability.

This job is also eligible for variable pay.

We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and a suite of well-being benefits to eligible employees.

Note:  No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

WHY Blue Cross Blue Shield of MA?

We understand that the confidence gap and imposter syndrome can  prevent  amazing candidates coming our way, so please don’t hesitate to apply. We’d love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, , your perspectives, and your experiences. It’s in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.

As an employer, we are committed to investing in your development and providing the necessary resources to enable your success. Learn how we are dedicated to creating an inclusive and rewarding workplace that promotes excellence and provides opportunities for employees to forge their unique career path by visiting our Company Culture page. If this sounds like something you’d like to be a part of, we’d love to hear from you. You can also join our Talent Community to stay “in the know” on all things Blue.

At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. For more information on how we work and support that work/life balance visit our "How We Work" Page.