IAM Architect - Full Time

Role: IAM Architect
Location: Chaska MN (100% onsite)
Hire type: FTE

Preferred Qualifications

• Experience with supplier/vendor IAM federation in complex semiconductor supply chains.
• Background in IT/OT convergence security for smart factories and Industry 4.0 initiatives.
• Knowledge of chip design workflows, engineering collaboration platforms, and secure IP vaults.
• Relevant certifications: CISSP, CCSP, Microsoft Identity & Access, Okta Certified, ISA/IEC 62443
• Cybersecurity Expert.

Required Skills & Experience

• 8+ years of IAM experience, with at least 3 years in a strategic architecture role for a manufacturing or semiconductor enterprise.
• Proven ability to secure both IT and OT environments in global industrial operations.
• Expertise in IAM platforms (Okta, SailPoint, Ping, ForgeRock), PAM solutions (CyberArk, Beyond Trust), directory services & federation (LDAP, SAML, OAuth2, OpenID Connect, SCIM), Zero Trust IAM architecture for hybrid cloud & on-premises.
• Deep understanding of semiconductor industry workflows, including EDA tools and IP lifecycle management.
• Familiarity with industrial control system (ICS) security, OT protocols, and factory automation networks.
• Strong knowledge of export control regulations (ITAR/EAR), IP protection strategies, and global data privacy compliance.

Key Responsibilities

1. Semiconductor IP Protection

• Implement least privilege access to safeguard sensitive chip design files, EDA tools, and proprietary engineering data.
• Architect IAM for engineering design workflows, integrating with EDA tools (Cadence, Synopsys, Mentor Graphics).
• Ensure strict segregation of duties and data residency controls to comply with export controls (ITAR/EAR) and regional IP protection laws.
• Develop federated identity and access models for secure collaboration with external R&D partners, foundries, and design houses.

1. Factory OT Security & Operational Continuity

• Design IAM solutions for Operational Technology (OT) environments, including MES, SCADA/PLC systems, and factory automation equipment.
• Extend Zero Trust principles to the shop floor, securing remote vendor access for equipment maintenance without compromising uptime.
• Integrate IAM with Industrial Control Systems (ICS), considering legacy equipment with limited native authentication capabilities.
• Work with OT security teams to segment access between IT and OT networks, minimizing lateral movement risks in factories.

1. Global IAM Strategy & Governance

• Define the enterprise IAM roadmap for all global sites, aligning with manufacturing, R&D, and supply chain security requirements.
• Standardize access provisioning workflows across factories, design centers, suppliers, and regional offices.
• Develop role-based (RBAC) and attribute-based (ABAC) access models that address the needs of factory operators, R&D engineers, external contractors and vendors, and supply chain partners.

1. Cloud & Hybrid IAM

• Architect secure access to cloud-hosted semiconductor design environments and collaboration tools.
• Integrate IAM for multi-cloud environments (Azure, AWS, Google Cloud Platform) supporting global engineering teams.
• Enable secure identity federation for supply chain and ecosystem partners.

1. Risk Management & Compliance

• Ensure IAM policies meet semiconductor industry compliance standards, including NIST 800-53, IEC 62443 (OT security), ISO 27001, and export control regulations (ITAR/EAR).
• Lead access certification campaigns and automate identity lifecycle management for employees, contractors, and vendors worldwide.
• Provide IAM audit readiness for IP protection, export compliance, and global data privacy regulations (GDPR, local DPAs

1. Technology Enablement & Integration

• Lead the evaluation, deployment, and integration of enterprise IAM platforms (SailPoint, ForgeRock, Okta Ping Identity) and Privileged Access Management (PAM) solutions (CyberArk, Beyond Trust).
• Automate joiner-mover-leaver (JML) processes across IT, OT, and cloud environments.
• Work closely with IT, OT, and cybersecurity teams to ensure high availability and minimal disruption in production environments