IAM Architect - Full Time
Role: IAM Architect
Location: Chaska MN (100% onsite)
Hire type: FTE
Preferred Qualifications
Experience with supplier/vendor IAM federation in complex semiconductor supply chains.
Background in IT/OT convergence security for smart factories and Industry 4.0 initiatives.
Knowledge of chip design workflows, engineering collaboration platforms, and secure IP vaults.
Relevant certifications: CISSP, CCSP, Microsoft Identity & Access, Okta Certified, ISA/IEC 62443
Cybersecurity Expert.
Required Skills & Experience
8+ years of IAM experience, with at least 3 years in a strategic architecture role for a manufacturing or semiconductor enterprise.
Proven ability to secure both IT and OT environments in global industrial operations.
Expertise in IAM platforms (Okta, SailPoint, Ping, ForgeRock), PAM solutions (CyberArk, Beyond Trust), directory services & federation (LDAP, SAML, OAuth2, OpenID Connect, SCIM), Zero Trust IAM architecture for hybrid cloud & on-premises.
Deep understanding of semiconductor industry workflows, including EDA tools and IP lifecycle management.
Familiarity with industrial control system (ICS) security, OT protocols, and factory automation networks.
Strong knowledge of export control regulations (ITAR/EAR), IP protection strategies, and global data privacy compliance.
Key Responsibilities
Semiconductor IP Protection
Implement least privilege access to safeguard sensitive chip design files, EDA tools, and proprietary engineering data.
Architect IAM for engineering design workflows, integrating with EDA tools (Cadence, Synopsys, Mentor Graphics).
Ensure strict segregation of duties and data residency controls to comply with export controls (ITAR/EAR) and regional IP protection laws.
Develop federated identity and access models for secure collaboration with external R D partners, foundries, and design houses.
Factory OT Security & Operational Continuity
Design IAM solutions for Operational Technology (OT) environments, including MES, SCADA/PLC systems, and factory automation equipment.
Extend Zero Trust principles to the shop floor, securing remote vendor access for equipment maintenance without compromising uptime.
Integrate IAM with Industrial Control Systems (ICS), considering legacy equipment with limited native authentication capabilities.
Work with OT security teams to segment access between IT and OT networks, minimizing lateral movement risks in factories.
Global IAM Strategy & Governance
Define the enterprise IAM roadmap for all global sites, aligning with manufacturing, R D, and supply chain security requirements.
Standardize access provisioning workflows across factories, design centers, suppliers, and regional offices.
Develop role-based (RBAC) and attribute-based (ABAC) access models that address the needs of factory operators, R D engineers, external contractors and vendors, and supply chain partners.
Cloud & Hybrid IAM
Architect secure access to cloud-hosted semiconductor design environments and collaboration tools.
Integrate IAM for multi-cloud environments (Azure, AWS, Google Cloud Platform) supporting global engineering teams.
Enable secure identity federation for supply chain and ecosystem partners.
Risk Management & Compliance
Ensure IAM policies meet semiconductor industry compliance standards, including NIST 800-53, IEC 62443 (OT security), ISO 27001, and export control regulations (ITAR/EAR).
Lead access certification campaigns and automate identity lifecycle management for employees, contractors, and vendors worldwide.
Provide IAM audit readiness for IP protection, export compliance, and global data privacy regulations (GDPR, local DPAs
Technology Enablement & Integration
Lead the evaluation, deployment, and integration of enterprise IAM platforms (SailPoint, ForgeRock, Okta Ping Identity) and Privileged Access Management (PAM) solutions (CyberArk, Beyond Trust).
Automate joiner-mover-leaver (JML) processes across IT, OT, and cloud environments.
Work closely with IT, OT, and cybersecurity teams to ensure high availability and minimal disruption in production environments
Employers have access to artificial intelligence language tools (AI) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job
Dice Id:
10118842
Position Id:
2025-612
Role: IAM Architect
Location: Chaska MN (100% onsite)
Hire type: FTE
Preferred Qualifications
Experience with supplier/vendor IAM federation in complex semiconductor supply chains.
Background in IT/OT convergence security for smart factories and Industry 4.0 initiatives.
Knowledge of chip design workflows, engineering collaboration platforms, and secure IP vaults.
Relevant certifications: CISSP, CCSP, Microsoft Identity & Access, Okta Certified, ISA/IEC 62443
Cybersecurity Expert.
Required Skills & Experience
8+ years of IAM experience, with at least 3 years in a strategic architecture role for a manufacturing or semiconductor enterprise.
Proven ability to secure both IT and OT environments in global industrial operations.
Expertise in IAM platforms (Okta, SailPoint, Ping, ForgeRock), PAM solutions (CyberArk, Beyond Trust), directory services & federation (LDAP, SAML, OAuth2, OpenID Connect, SCIM), Zero Trust IAM architecture for hybrid cloud & on-premises.
Deep understanding of semiconductor industry workflows, including EDA tools and IP lifecycle management.
Familiarity with industrial control system (ICS) security, OT protocols, and factory automation networks.
Strong knowledge of export control regulations (ITAR/EAR), IP protection strategies, and global data privacy compliance.
Key Responsibilities
Semiconductor IP Protection
Implement least privilege access to safeguard sensitive chip design files, EDA tools, and proprietary engineering data.
Architect IAM for engineering design workflows, integrating with EDA tools (Cadence, Synopsys, Mentor Graphics).
Ensure strict segregation of duties and data residency controls to comply with export controls (ITAR/EAR) and regional IP protection laws.
Develop federated identity and access models for secure collaboration with external R D partners, foundries, and design houses.
Factory OT Security & Operational Continuity
Design IAM solutions for Operational Technology (OT) environments, including MES, SCADA/PLC systems, and factory automation equipment.
Extend Zero Trust principles to the shop floor, securing remote vendor access for equipment maintenance without compromising uptime.
Integrate IAM with Industrial Control Systems (ICS), considering legacy equipment with limited native authentication capabilities.
Work with OT security teams to segment access between IT and OT networks, minimizing lateral movement risks in factories.
Global IAM Strategy & Governance
Define the enterprise IAM roadmap for all global sites, aligning with manufacturing, R D, and supply chain security requirements.
Standardize access provisioning workflows across factories, design centers, suppliers, and regional offices.
Develop role-based (RBAC) and attribute-based (ABAC) access models that address the needs of factory operators, R D engineers, external contractors and vendors, and supply chain partners.
Cloud & Hybrid IAM
Architect secure access to cloud-hosted semiconductor design environments and collaboration tools.
Integrate IAM for multi-cloud environments (Azure, AWS, Google Cloud Platform) supporting global engineering teams.
Enable secure identity federation for supply chain and ecosystem partners.
Risk Management & Compliance
Ensure IAM policies meet semiconductor industry compliance standards, including NIST 800-53, IEC 62443 (OT security), ISO 27001, and export control regulations (ITAR/EAR).
Lead access certification campaigns and automate identity lifecycle management for employees, contractors, and vendors worldwide.
Provide IAM audit readiness for IP protection, export compliance, and global data privacy regulations (GDPR, local DPAs
Technology Enablement & Integration
Lead the evaluation, deployment, and integration of enterprise IAM platforms (SailPoint, ForgeRock, Okta Ping Identity) and Privileged Access Management (PAM) solutions (CyberArk, Beyond Trust).
Automate joiner-mover-leaver (JML) processes across IT, OT, and cloud environments.
Work closely with IT, OT, and cybersecurity teams to ensure high availability and minimal disruption in production environments
Employers have access to artificial intelligence language tools (AI) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job
Dice Id:
10118842
Position Id:
2025-612
Job ID: 487387384
Originally Posted on: 7/30/2025
Want to find more Construction opportunities?
Check out the 168,458 verified Construction jobs on iHireConstruction
Similar Jobs
Sign Up for Job Alerts
