Information Security IAM Architect

Requisition ID: 545321

Category: Information Technology

Location: United States - NY, New York

Location: Hybrid

Medidata follows a hybrid office policy in which employees who are hired for an in-person position are expected to work on site a certain number of days per week in accordance with Company policy.

About our Company:

Medidata is powering smarter treatments and healthier people through digital solutions to support clinical trials. Celebrating 25 years of ground-breaking technological innovation across more than 36,000 trials and 11 million patients, Medidata offers industry-leading expertise, analytics-powered insights, and one of the largest clinical trial data sets in the industry. More than 1 million users trust Medidata's seamless, end-to-end platform to improve patient experiences, accelerate clinical breakthroughs, and bring therapies to market faster. Discover more at www.medidata.com.

About the Team:

The IAM Architect is responsible for the design, automation, and governance of enterprise-wide identity and access management solutions. This role ensures secure, scalable, and compliant access to systems and data by integrating modern IAM platforms with automated identity workflows, lifecycle management, and zero trust security principles. This role reports to the Senior Director, Information Security.

Responsibilities:

  • Lead the architecture and automation of scalable IAM solutions across cloud and on-premise environments, including provisioning, de-provisioning, and access certification workflows.
  • Contribute to the development and maintenance of IAM policies, standards, and automation frameworks aligned with industry best practices (e.g., NIST, ISO 27001).
  • Support audits, regulatory compliance (e.g., SOX, HIPAA, GDPR), and risk assessments related to IAM.
  • Design and implement automated solutions for identity lifecycle management, role-based access control (RBAC), and entitlement reviews.
  • Collaborate with management of the InfoSec, Operations, and Engineering teams to identify organizational roles and the access requirements needed to complete the relevant responsibilities within Medidata’s environments and tools.
  • Integrate IAM with HR systems, cloud platforms, DevOps tools, and enterprise applications via APIs and connectors.
  • Architect solutions for Single Sign-On (SSO), Multi-Factor Authentication (MFA), Federated Identity, and Privileged Access Management (PAM). 
  • Architect and oversee identity lifecycle processes: provisioning, de-provisioning, authentication, authorization, and access governance.
  • Select, implement, and use tools such as SailPoint, Okta, CyberArk, Delinea, and scripting languages (e.g., PowerShell, Python) to drive automation and efficiency.
  • Collaborate with stakeholders across Security, IT, HR, and Compliance to align IAM automation with business and regulatory requirements. 
  • Collaborate with Security, IT, DevOps, and business units to align identity strategies with enterprise objectives.
  • Establish guardrails and monitoring for IAM processes using event-driven architectures, SIEM, and IAM analytics.
  • Support Zero Trust and least privilege strategies through dynamic policy enforcement and adaptive access controls.
  • Serve as a subject matter expert for IAM incident response and remediation activities.
  • Lead integrations with HR systems, directories (LDAP/AD), and application access workflows.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or related field (Master’s preferred).
  • 5–10 years of experience in IAM architecture, engineering, or equivalent cybersecurity role.
  • Deep understanding of IAM protocols: SAML, OAuth 2.0, OIDC, LDAP, SCIM, Kerberos.
  • Experience with IGA tools (e.g., SailPoint, Saviynt) and PAM solutions (e.g., CyberArk, BeyondTrust).
  • Strong knowledge of zero trust architecture, identity federation, and role-based access control (RBAC).
  • Proven experience with cloud IAM (Azure, AWS, GCP).
  • Strong documentation, communication, and stakeholder management skills.

Preferred Certifications:

CISSP, CIAM, Azure Security Engineer, Certified Identity Professional (CIP), GIAC (GCIH, GCIA, etc.)

Success Measures:

  • Secure, automated, and compliant access controls across all business units
  • Reduction in identity-related incidents and audit findings
  • Successful IAM project delivery within scope and budget

As with all roles, Medidata sets ranges based on a number of factors including function, level, candidate expertise and experience, and geographic location.

The salary range for positions that will be physically based in the NYC Metro Area is $114,750-153,000.

The salary range for positions that will be physically based in the California Bay Area is $121,500-162,000.

The salary range for positions that will be physically based in the Boston Metro Area is $113,250-151,000.

The salary range for positions that will be physically based in Texas or Ohio is $101,250-135,000.

The salary range for positions that will be physically based in all other locations within the United States is $102,750-137,000.

Base pay is one part of the Total Rewards that Medidata provides to compensate and recognize employees for their work. Most sales positions are eligible for a commission on the terms of applicable plan documents, and many of Medidata's non-sales positions are eligible for annual bonuses. Medidata believes that benefits should connect you to the support you need when it matters most and provides best-in-class benefits, including medical, dental, life and disability insurance; 401(k) matching; flexible paid time off; and 10 paid holidays per year.

Equal Employment Opportunity:

In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Medidata are based on merit, qualifications and abilities. Medidata is committed to a policy of non-discrimination and equal opportunity for all employees and qualified applicants without regard to race, color, religion, gender, sex (including pregnancy, childbirth or medical or common conditions related to pregnancy or childbirth), sexual orientation, gender identity, gender expression, marital status, familial status, national origin, ancestry, age, disability, veteran status, military service, application for military service, genetic information, receipt of free medical care, or any other characteristic protected under applicable law. Medidata will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.

Applications will be accepted on an ongoing basis until the position is filled.

Note: Please be on the lookout for job scams. Medidata recruiters will never ask applicants for monetary compensation, credit card, or banking details.

Inclusion Statement

As a game-changer in sustainable technology and innovation, Medidata, a Dassault Systèmes company, is striving to build more inclusive teams across the globe. We believe that our people are our number one asset and we want all employees to feel empowered to bring their whole selves to work every day. It is our goal that our people feel a sense of pride and a passion for belonging. As a company leading change, it’s our responsibility to foster opportunities for all people to participate in a harmonized Workforce of the Future.