Senior Identity and Access Management (IAM) Analyst

Job Description

Job Description

Grow with Welch's!

Welch's is on a journey towards our bold ambition of being the global-leader of convenient, good for you fruit-based food and beverages. To turn this goal into a reality we need you and other exceptionally talented, agile, and innovative individuals who are eager to contribute to something extraordinary!

At Welch's, we're not just offering a job; we're inviting you to be a part of a vibrant, authentic, and inclusive culture where you not only belong, but also have the opportunity to unleash the best, most authentic version of you.

POSITION SUMMARY:

The Senior Identity and Access Management (IAM) Analyst is responsible for securing and managing digital identities across cloud and on-premise environments in a global food and beverage manufacturing organization. This role focuses on implementing and maintaining identity governance, authentication, and access control solutions using Microsoft Azure Active Directory (Azure AD) and other cloud platforms.

The IAM Analyst ensures employees, contractors, and partners have the right level of secure access to business systems, cloud applications, and production technologies — maintaining compliance with regulatory and food safety requirements while enabling operational efficiency across corporate and manufacturing sites.

WHERE YOU'LL WORK / HYBRID WORK MODEL:

This role will be based out of our Waltham, MA headquarters with Thursdays and Fridays being flexible remote days. On occasion, this cadence may shift based on business needs.

WHAT YOU'LL DO:

• Administer and maintain user accounts, roles, and groups in Azure AD, Microsoft 365, and hybrid Active Directory environments
• Manage access provisioning, de-provisioning, and modification workflows for both cloud-based and on-prem systems
• Implement role-based access control (RBAC) and least privilege principles across enterprise and manufacturing systems
• Ensure consistent access management across SaaS, IaaS, and PaaS platforms, including Azure, AWS, or other connected cloud environments
• Configure and support Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Conditional Access policies in Azure AD
• Manage federated identities between Azure AD and external partners, cloud providers, or production technology systems
• Troubleshoot authentication and authorization issues in hybrid identity environments (on-prem AD + Azure AD)
• Integrate identity services with manufacturing systems, ERP (e.g., SAP, Dynamics), and MES platforms
• Collaborate with Cloud and Infrastructure teams to design and maintain secure cloud access controls
• Participate in the implementation of cloud identity governance and Privileged Access Management (PAM) solutions
• Monitor and assess cloud IAM configurations for compliance with security baselines and best practices (e.g., CIS benchmarks, NIST)
• Review and manage privileged accounts and access to cloud resources, including Azure subscriptions and virtual machines
• Conduct and document periodic access reviews and user certification campaigns across cloud and on-prem systems
• Support compliance efforts related to SOX, FDA, GDPR and internal audit requirements
• Prepare IAM-related reports and documentation for internal and external audits.
• Maintain and update IAM policies and standards in line with company guidelines
• Automate identity lifecycle and reporting processes using PowerShell, Graph API, or other scripting tools
• Identify gaps in IAM processes and propose security and efficiency improvements
• Stay current on IAM trends, Zero Trust security models, and cloud security technologies
• Support strategic IAM initiatives as part of broader cloud transformation and cybersecurity programs

WHO YOU ARE:

• Ability to create and own policy, process, documentation and governance for your domain
• Exceptional technical, analytical, problem solving, multitasking, and time management skills with consistent attention to detail
• Excellent communication skills, with the ability to translate technical issues and processes for business and plant audiences
• Ability to balance security rigor with operational uptime in a fast-paced manufacturing environment
• Proactive approach to identifying and mitigating risks
• Collaborative mindset across IT, cybersecurity, and plant operations teams

WHAT YOU'LL NEED:

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field
• 3–5 years of experience inIdentity and Access Management, Cloud Security, orIT Infrastructureroles
• Experience with Azure Active Directory, Microsoft 365 Security & Compliance Center, andon-prem Active Directory
• Hands-on experience managing identity and access in cloud environments
• Background in manufacturing or industrial operations preferred
• Strong understanding of Azure AD, Conditional Access, MFA, SSO, PIM, andIdentity Governance
• Experience with cloud security controls, service principles, andmanaged identities
• Familiarity with IAM automation, PowerShell scripting, andAzure CLI
• Working knowledge of network security, endpoint protection, andZero Trust frameworks
• Understanding of identity protocols (SAML, OAuth 2.0, OpenID Connect, LDAP, Kerberos)
• Certifications (SC-300, AZ-500, SC-200) a plus

What You'll Enjoy:

• Organization with a bold, clear purpose & vision for the future
• Inclusive Culture: Be a part of an inclusive workplace where you not only belong but also have the opportunity to be the best version of yourself
• Passionate Community: You are encouraged to have a voice, share your opinions, and have individual impact on the success of the business
• Hybrid Work Model: Flexible & collaborative work environment to maximize well-being & success
• Paid Time Off and Holidays: Enjoy time away from the office to rest and recharge
• Paid Volunteer Time Off: 40 hours of paid volunteer time for all non-union employees
• Development & Advancement: Access to LinkedIn Learning as well as both formal and informal opportunities to develop and grow your career
• Compensation Package Consisting of Competitive Base Salary and Annual Incentive Plan (Bonus)
• 401K plan with Generous Company Match
• Flexible Benefits from your first day: Choose the benefits that meet your needs and preferences
  • Health, Dental & Vision Insurance
  • Health Savings Accounts
  • Life and accident insurance
  • Employee Assistance Programs
  • Tuition reimbursement program
  • Additional benefits available through Perks at Work
  • Paid parental (and adoption) leave – Available after 12 months of employment

The anticipated hiring base salary range for this position is $100,000K to $110,000K annually for US-based employees. This range reflects the minimum and maximum for the position across all US locations, is based on a full-time work schedule, and is Welch's good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. In addition to base salary, this role is eligible for participation in a bonus plan.

#LI-Hybrid

Welch's is an Equal Employment Opportunity Employer. We are committed to the prevention of employment discrimination based on race, religion, color, sex, gender identity, national origin, age, marital status, disability and/or military or veteran status, sexual orientation or any other action covered by federal or applicable state/local laws.

Welch's offers more than just a job - it's an opportunity to grow, innovate, and make a global impact with a passionate community.