IAM Architect - full time job in Chaska MN (100% onsite)
- EdgeAll
- Chaska, Minnesota
- Full Time
Role : IAM Architect
Location : Chaska MN (100% onsite)
Hire type : FTE
Preferred Qualifications
- Experience with supplier/vendor IAM federation in complex semiconductor supply chains.
- Background in IT/OT convergence security for smart factories and Industry 4.0 initiatives.
- Knowledge of chip design workflows, engineering collaboration platforms, and secure IP vaults.
- Relevant certifications: CISSP, CCSP, Microsoft Identity & Access, Okta Certified, ISA/IEC 62443 Cybersecurity Expert.
Required Skills & Experience
- 8+ years of IAM experience, with at least 3 years in a strategic architecture role for a manufacturing or semiconductor enterprise.
- Proven ability to secure both IT and OT environments in global industrial operations.
- Expertise in IAM platforms (Okta, SailPoint, Ping, ForgeRock), PAM solutions (CyberArk, BeyondTrust), directory services & federation (LDAP, SAML, OAuth2, OpenID Connect, SCIM), and Zero Trust IAM architecture for hybrid cloud & on-premises.
- Deep understanding of semiconductor industry workflows, including EDA tools and IP lifecycle management.
- Familiarity with industrial control system (ICS) security, OT protocols, and factory automation networks.
- Strong knowledge of export control regulations (ITAR/EAR), IP protection strategies, and global data privacy compliance.
Key Responsibilities
- Semiconductor IP Protection
Implement least privilege access to safeguard sensitive chip design files, EDA tools, and proprietary engineering data.
Architect IAM for engineering design workflows, integrating with EDA tools (Cadence, Synopsys, Mentor Graphics).
Ensure strict segregation of duties and data residency controls to comply with export controls (ITAR/EAR) and regional IP protection laws.
Develop federated identity and access models for secure collaboration with external R&D partners, foundries, and design houses.
- Factory OT Security & Operational Continuity
Design IAM solutions for Operational Technology (OT) environments, including MES, SCADA/PLC systems, and factory automation equipment.
Extend Zero Trust principles to the shop floor, securing remote vendor access for equipment maintenance without compromising uptime.
Integrate IAM with Industrial Control Systems (ICS), considering legacy equipment with limited native authentication capabilities.
Work with OT security teams to segment access between IT and OT networks, minimizing lateral movement risks in factories.
- Global IAM Strategy & Governance
Define the enterprise IAM roadmap for all global sites, aligning with manufacturing, R&D, and supply chain security requirements.
Standardize access provisioning workflows across factories, design centers, suppliers, and regional offices.
Develop role-based (RBAC) and attribute-based (ABAC) access models that address the needs of factory operators, R&D engineers, external contractors and vendors, and supply chain partners.
- Cloud & Hybrid IAM
Architect secure access to cloud-hosted semiconductor design environments and collaboration tools.
Integrate IAM for multi-cloud environments (Azure, AWS, Google Cloud Platform) supporting global engineering teams.
Enable secure identity federation for supply chain and ecosystem partners.
- Risk Management & Compliance
Ensure IAM policies meet semiconductor industry compliance standards, including NIST 800-53, IEC 62443 (OT security), ISO 27001, and export control regulations (ITAR/EAR).
Lead access certification campaigns and automate identity lifecycle management for employees, contractors, and vendors worldwide.
Provide IAM audit readiness for IP protection, export compliance, and global data privacy regulations (GDPR, local DPAs).
- Technology Enablement & Integration
Lead the evaluation, deployment, and integration of enterprise IAM platforms (SailPoint, ForgeRock, Okta, Ping Identity) and Privileged Access Management (PAM) solutions (CyberArk, BeyondTrust).
Automate joiner-mover-leaver (JML) processes across IT, OT, and cloud environments.
Work closely with IT, OT, and cybersecurity teams to ensure high availability and minimal disruption in production environments.