
Managing Director, Identity & Access Management - Evernorth Health Services (Hybrid)

Cigna · 6h ago
United States · Hybrid · Full-time · Director Level · 12+ yrs exp
H-1B sponsor

Top focus

Identity Engineer · Management Consultant

Role Summary

Identity sits at the core of every digital interaction. As Managing Director of Identity and Access Management, this role defines how millions of identities securely access critical systems, data, and services across the enterprise.

The leader is accountable for the strategy, engineering, and operation of enterprise-wide IAM platforms that support employees, contractors, customers, and an expanding set of non-human identities at global scale. This includes end-to-end ownership of the platform lifecycle—architecture, delivery, operations, and continuous improvement—ensuring identity services are secure, resilient, and scalable to enable business growth, regulatory compliance, and accelerating AI adoption.

This role leads the IAM engineering function responsible for building and operating platforms that serve ~70,000 employees, 50,000 contractors, over 10 million customers, and a rapidly growing population of non-human identities, including 10,000+ bots.

The Managing Director owns the full engineering lifecycle across core IAM domains, spanning design, delivery, runtime operations, and continuous optimization.

Scope and Reporting

Reports to the VP of Global Experience and Identity. Leads four platform engineering teams:

· Customer Identity and Access Management (approx. 17 engineers)
· Identity Governance Platform (approx. 46 engineers)
· IAM Authorization (approx. 74 engineers)
· IAM Architecture and Data Lake (approx. 4 engineers)

What You Will Do

Shape the Future of Enterprise Identity

· Define and drive the multi-year IAM vision, strategy, roadmap, and investment priorities aligned to business and security objectives
· Champion IAM as a strategic business enabler
· Lead modernization efforts

Engineering Delivery and Platform Operations

· Own and drive delivery against the IAM engineering roadmap in partnership with architecture and security leadership
· Hold accountability for platform availability, authentication latency, and provisioning SLAs and SLOs
· Lead the engineering lifecycle for core IAM platforms including Okta, Saviynt, CyberArk, AD, Entra ID, and other IAM systems
· Ensure platforms produce audit-ready evidence by design, reducing manual compliance effort
· Drive deployment frequency, reduce change failure rates, and improve mean time to recovery across all platform teams

AI Agent Identity Engineering

· Build and operate the identity infrastructure for non-human identities including AI agents, bots, service accounts, and machine identities
· Develop credentialing, authentication, and delegation models for ephemeral and autonomous workloads
· Implement self-attenuating authorization patterns and decoupled identity models for agent-based systems
· Establish observability and inspection capabilities for AI agent identity activity

Automation and Developer Experience

· Drive automation of provisioning, deprovisioning, access certification, and entitlement management
· Build and maintain SDKs, documentation, and sandbox environments that allow application teams to adopt centralized identity patterns without friction
· Champion shift-left identity practices, embedding opinionated identity patterns into application design decisions early in the development lifecycle including skilling AI development tooling
· Track and improve adoption KPIs including percentage of automated provisioning, percentage of applications on centralized authentication, and non-human identity coverage

Lead a High Performing Organization

· Run each platform team with a product-aligned model: clear backlogs, defined ownership, and lifecycle accountability
· Build, inspire, and develop a diverse team of IAM leaders
· Build and retain engineering talent with deep protocol-level skills in OAuth 2.0, OIDC, SAML, LDAP, and SCIM
· Develop team capability to operate effectively as the identity function shifts from traditional administration toward automation, scripting, and AI-ready infrastructure
· Establish strong succession planning and talent development strategies for critical IAM capabilities and talent

Required Qualifications

· 12 or more years of experience in identity and access management, cybersecurity, or related engineering disciplines
· 5 or more years leading engineering teams, with demonstrated ability to grow and develop technical talent
· Hands-on experience with enterprise IAM platforms including Okta, Saviynt, CyberArk and AD
· Working knowledge of core identity protocols: OAuth 2.0, OIDC, SAML, LDAP, and SCIM
· Experience designing and operating identity solutions at large enterprise scale (tens of thousands of identities minimum)
· Proven track record delivering complex platform engineering programs on time and within scope
· Strong grasp of modern engineering practices including CI/CD, infrastructure as code, and observability

Preferred Qualifications

· Experience building identity infrastructure for non-human identities, AI agents, or machine identity programs
· Familiarity with delegation models, self-attenuating authorization, and agent-based authentication patterns
· Background in regulated industries with audit, compliance, or data residency requirements
· Experience leading through a shift from legacy identity administration to automation-first engineering models

What Good Looks Like

· Platform availability and authentication latency consistently meet or exceed defined SLOs
· Provisioning is automated for the substantial majority of standard access patterns
· Nearly all applications rely on centralized authentication rather than custom or siloed solutions
· Non-human identity coverage is tracked, governed, and growing in line with AI adoption
· Engineering teams ship frequently with low change failure rates and fast recovery times
· A talent developer who builds exceptional teams
· Developers across the enterprise view the IAM team as an enabler, not a gatekeeper

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

For this position, we anticipate offering an annual salary of 209,600 - 349,300 USD / yearly, depending on relevant factors, including experience and geographic location. This role is also anticipated to be eligible to participate in an annual bonus and long term incentive plan.

At The Cigna Group, you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs.

We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year, paid holidays, and leaves of absence. For more details on our employee benefits programs, click here.

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives.

At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients.

Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you need a reasonable accommodation to complete the online application process, please email seeyourself@thecignagroup.com for assistance. Please note that this email inbox is dedicated to accommodation requests only and cannot provide application updates or accept resumes.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment.

These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.

Required skills

Okta, Saviynt, CyberArk, AD, OAuth 2.0, OIDC, SAML, LDAP, SCIM, CI/CD, infrastructure as code, observability