Key skills
Identity & Access ManagementHIPAA complianceSSOMFACloud-native environmentsIAM best practicesZero Trust principlesIAM automationInfrastructure-as-codeRelevant certificationsTeam leadershipcommunicationCollaboration skillsAWSAzureGCPIAMSaaSLeadershipMentoringCommunicationZero Trust
About this role
OpenLoop is a company focused on bringing care anywhere through telehealth support solutions. They are seeking a Staff IAM Engineer to lead and evolve their Identity & Access Management program, combining technical expertise with leadership to ensure secure access controls and compliance with healthcare regulations.
Responsibilities:
- Lead, mentor, and develop a small team of IAM analysts; serve as a hands-on technical leader
- Define and execute IAM strategy aligned with business growth and regulatory requirements
- Establish and maintain IAM governance, policies, standards, and procedures
- Partner with Security, Compliance, Engineering, IT, and Product teams to ensure secure access controls across platforms
- Design, implement, and manage IAM solutions across cloud and SaaS environments
- Oversee identity lifecycle management (joiner/mover/leaver processes)
- Implement RBAC/ABAC models aligned with least privilege principles
- Manage SSO, MFA, PAM, and directory services integrations
- Conduct access reviews and certifications to meet compliance requirements
- Support audit readiness (HIPAA, SOC 2, HITRUST, etc.)
- Monitor IAM metrics and continuously improve automation and controls
- Ensure IAM controls align with HIPAA requirements and PHI protection standards
- Maintain documentation and evidence for audits and regulatory reviews
- Partner with Compliance and Legal to interpret regulatory requirements, towards identifying and remediating access-related risks and vulnerabilities
Requirements:
- 7+ years of experience in Identity & Access Management, with 2+ years in a senior or lead capacity
- Experience leading or mentoring a small team
- Strong experience with SSO, MFA, identity lifecycle management, and privileged access management
- Deep knowledge of IAM best practices in regulated healthcare environments
- Strong understanding of HIPAA, PHI safeguards, and related healthcare security standards
- Experience in cloud-native environments (AWS, Azure, or GCP)
- Ability to thrive in a fast-paced startup environment with evolving priorities
- Excellent communication skills and a collaborative, positive mindset
- Experience supporting SOC 2, HITRUST, or similar compliance frameworks
- Familiarity with Zero Trust principles
- Relevant certifications (CISSP, CISM, CIAM, Azure/AWS Security certs, etc.)
- Experience with IAM automation and infrastructure-as-code practices