Staff IAM Engineer - Executive Support
Top focus
We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do.
Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time. Position Summary The Staff IAM Engineer - Executive Operations plays a critical role in ensuring the reliability, security, and effectiveness of the organization's identity and access management services.
This position is responsible for supporting and improving core IAM operations across Active Directory, Entra ID, cloud IAM platforms, and privileged access solutions, helping ensure users have the access they need while maintaining strong security controls and compliance with regulatory requirements.
Through operational excellence, process improvement, and technical expertise, the role helps strengthen the organization's identity security posture and advance the maturity of the IAM program. In addition to supporting enterprise IAM operations, this role provides specialized support for executive leadership and other high-profile users, requiring a high degree of professionalism, discretion, and responsiveness.
Acting as a trusted partner to executives and senior stakeholders, the Staff IAM Engineer helps resolve complex access issues, navigate sensitive situations, and deliver a high-touch service experience in a 24x7 environment. Role Responsibilities: Development & Enforcement Support execution of enterprise IAM strategy across cloud and hybrid identity platforms.
Implement and maintain cloud-first identity patterns leveraging Entra ID while supporting and modernizing on-premises Active Directory. Enforce IAM best practices, including least privilege, group-based access controls, and time-bound privileged access.
Support Active Directory security hardening, baseline configurations, and enterprise control requirements. Contribute to Privileged Access Management (PAM) solutions for human and service identities. Collaboration & Expertise Partner with Security, Infrastructure, GRC, and Application teams to implement and enhance IAM controls and services.
Serve as a senior technical escalation point for complex identity and access management issues. Provide guidance on IAM risks, access decisions, and security design tradeoffs. Support audit, regulatory, and compliance activities, including HIPAA and SOX requirements.
Analysis & Configuration Design and maintain Active Directory organizational structures, Group Policy configurations, and access management models. Develop and maintain permission structures that reduce privilege creep and support least-privilege access.
Analyze identity and access data to support security investigations, audits, and compliance reviews.Participate in access certification reviews and remediation efforts for excessive or inactive access. Support secure IAM architecture patterns across cloud and hybrid environments.
Operational Support Monitor and improve IAM service health, availability, and operational performance. Lead troubleshooting and root cause analysis for complex identity-related incidents and service disruptions. Support identity lifecycle processes including provisioning, deprovisioning, and access modifications.
Maintain operational procedures, runbooks, and technical documentation. Participate in on-call rotations and incident response activities. Support disaster recovery and business continuity planning for IAM platforms. Identify recurring operational issues and drive long-term remediation and service improvements.
Executive Support & Escalation Management Provide dedicated support for executive leadership and other high-priority users requiring expedited identity and access services. Manage sensitive access requests, escalations, and incidents with professionalism, discretion, and urgency.
Build trusted relationships with executive stakeholders while ensuring adherence to security policies and access governance standards. Deliver a high-touch support experience while balancing business needs, risk, and security requirements. Mentorship & Training Mentor engineers and promote IAM best practices, operational excellence, and reusable design patterns.
Develop documentation, training materials, and knowledge-sharing resources to improve team effectiveness and consistency. Support onboarding and development of team members and contingent resources. Innovation & Continuous Improvement Drive improvements to identity lifecycle management, access provisioning, and operational workflows.
Contribute to automation initiatives that improve service reliability, efficiency, and compliance. Evaluate emerging IAM and PAM technologies to support evolving business and security needs. Identify opportunities to enhance the user experience, strengthen security controls, and increase operational scalability.
Strategic Planning Support execution of the IAM roadmap and organizational priorities. Contribute to ongoing improvements in identity governance, access management, and operational maturity. Help balance security, usability, and compliance when implementing IAM solutions.
Support the transition of new IAM capabilities and services into sustainable operational processes. Required Qualifications 7+ years of experience in Identity & Access Management or related security domains 3+ years of hands-on experience with Active Directory, Entra ID, and cloud IAM platforms (e.g., GCP IAM) 3+ years of experience implementing IAM solutions in enterprise or regulated environments 3+ years of experience supporting audit and compliance requirements (e.g., HIPAA, SOX) Preferred Qualifications Experience with infrastructure-as-code or policy-based IAM (e.g., GCP Config Connector) Familiarity with cloud security tools and IAM risk insights platforms (e.g., Security Command Center) Experience with PAM tools such as CyberArk, HashiCorp Vault, or similar solutions Understanding of Privileged Access Management concepts and tools Strong problem-solving and systems design skills Industry certifications such as CISSP, CISM, or cloud security certifications Experience in healthcare or other highly regulated industries Education Bachelor’s degree from an accredited college or university, or equivalent combination of education and relevant work experience (High School Diploma/GED plus 4 years of related experience) Pay Range The typical pay range for this role is: $142,140.00 - $284,280.00 This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.
The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.
This position also includes an award target in the company’s equity award program. Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families. This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families.
The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility. Additional details about available benefits are provided during the application process and on Benefits Moments .
We anticipate the application window for this opening will close on: 07/31/2026 Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.