Welch's
Senior Identity and Access Management (IAM) Analyst
Welch's, Waltham, Massachusetts, United States, 02254
Senior Identity and Access Management (IAM) Analyst
Join to apply for the
Senior Identity and Access Management (IAM) Analyst
role at
Welch's
Grow with Welch's! Welch’s is on a journey towards being the global‑leader of convenient, good for you fruit‑based food and beverages. To turn this goal into a reality we need you and other exceptionally talented, agile, and innovative individuals who are eager to contribute to something extraordinary!
Position Summary The
Senior Identity and Access Management (IAM) Analyst
is responsible for securing and managing digital identities across cloud and on‑premise environments in a global food and beverage manufacturing organization. This role focuses on implementing and maintaining identity governance, authentication, and access control solutions using Microsoft Azure Active Directory (Azure AD) and other cloud platforms. The IAM Analyst ensures employees, contractors, and partners have the right level of secure access to business systems, cloud applications, and production technologies—maintaining compliance with regulatory and food safety requirements while enabling operational efficiency across corporate and manufacturing sites.
Where You’ll Work / Hybrid Work Model This role will be based out of our Waltham, MA headquarters with Thursdays and Fridays being flexible remote days. On occasion, this cadence may shift based on business needs.
What You’ll Do
Administer and maintain user accounts, roles, and groups in Azure AD, Microsoft 365, and hybrid Active Directory environments
Manage access provisioning, de‑provisioning, and modification workflows for both cloud‑based and on‑prem systems
Implement role‑based access control (RBAC) and least privilege principles across enterprise and manufacturing systems
Ensure consistent access management across SaaS, IaaS, and PaaS platforms, including Azure, AWS, or other connected cloud environments
Configure and support Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), and Conditional Access policies in Azure AD
Manage federated identities between Azure AD and external partners, cloud providers, or production technology systems
Troubleshoot authentication and authorization issues in hybrid identity environments (on‑prem AD + Azure AD)
Integrate identity services with manufacturing systems, ERP (e.g., SAP, Dynamics), and MES platforms
Collaborate with Cloud and Infrastructure teams to design and maintain secure cloud access controls
Participate in the implementation of cloud identity governance and Privileged Access Management (PAM) solutions
Monitor and assess cloud IAM configurations for compliance with security baselines and best practices (e.g., CIS benchmarks, NIST)
Review and manage privileged accounts and access to cloud resources, including Azure subscriptions and virtual machines
Conduct and document periodic access reviews and user certification campaigns across cloud and on‑prem systems
Support compliance efforts related to SOX, FDA, GDPR and internal audit requirements
Prepare IAM‑related reports and documentation for internal and external audits
Maintain and update IAM policies and standards in line with company guidelines
Automate identity lifecycle and reporting processes using PowerShell, Graph API, or other scripting tools
Identify gaps in IAM processes and propose security and efficiency improvements
Stay current on IAM trends, Zero Trust security models, and cloud security technologies
Support strategic IAM initiatives as part of broader cloud transformation and cybersecurity programs
Who You Are
Ability to create and own policy, process, documentation and governance for your domain
Exceptional technical, analytical, problem‑solving, multitasking, and time‑management skills with consistent attention to detail
Excellent communication skills, with the ability to translate technical issues and processes for business and plant audiences
Ability to balance security rigor with operational uptime in a fast‑paced manufacturing environment
Proactive approach to identifying and mitigating risks
Collaborative mindset across IT, cybersecurity, and plant operations teams
What You’ll Need
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field
3–5 years of experience in Identity and Access Management, Cloud Security, or IT Infrastructure roles
Experience with Azure Active Directory, Microsoft 365 Security & Compliance Center, and on‑prem Active Directory
Hands‑on experience managing identity and access in cloud environments
Background in manufacturing or industrial operations preferred
Strong understanding of Azure AD, Conditional Access, MFA, SSO, PIM, and Identity Governance
Experience with cloud security controls, service principles, and managed identities
Familiarity with IAM automation, PowerShell scripting, and Azure CLI
Working knowledge of network security, endpoint protection, and Zero Trust frameworks
Understanding of identity protocols (SAML, OAuth 2.0, OpenID Connect, LDAP, Kerberos)
Certifications (SC‑300, AZ‑500, SC‑200) a plus
What You’ll Enjoy
Organization with a bold, clear purpose & vision for the future
Inclusive Culture: Be a part of an inclusive workplace where you not only belong but also have the opportunity to be the best version of yourself
Passionate Community: You are encouraged to have a voice, share your opinions, and have individual impact on the success of the business
Hybrid Work Model: Flexible & collaborative work environment to maximize well‑being & success
Paid Time Off and Holidays: Enjoy time away from the office to rest and recharge
Paid Volunteer Time Off: 40 hours of paid volunteer time for all non‑union employees
Development & Advancement: Access to LinkedIn Learning as well as both formal and informal opportunities to develop and grow your career
Compensation Package Consisting of Competitive Base Salary and Annual Incentive Plan (Bonus)
401K plan with Generous Company Match
Flexible Benefits from your first day: Choose the benefits that meet your needs and preferences
Health, Dental & Vision Insurance
Health Savings Accounts
Life and accident insurance
Employee Assistance Programs
Tuition reimbursement program
Additional benefits available through Perks at Work
Paid parental (and adoption) leave – Available after 12 months of employment
The anticipated hiring base salary range for this position is $100,000 to $110,000 annually for US‑based employees. This range reflects the minimum and maximum for the position across all US locations, is based on a full‑time work schedule, and is Welch’s good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job‑related skills, experience, and relevant education or training. In addition to base salary, this role is eligible for participation in a bonus plan.
Welch's is an Equal Employment Opportunity Employer. We are committed to the prevention of employment discrimination based on race, religion, color, sex, gender identity, national origin, age, marital status, disability and/or military or veteran status, sexual orientation or any other action covered by federal or applicable state/local laws.
Welch's offers more than just a job - it’s an opportunity to grow, innovate, and make a global impact with a passionate community.
#J-18808-Ljbffr
Senior Identity and Access Management (IAM) Analyst
role at
Welch's
Grow with Welch's! Welch’s is on a journey towards being the global‑leader of convenient, good for you fruit‑based food and beverages. To turn this goal into a reality we need you and other exceptionally talented, agile, and innovative individuals who are eager to contribute to something extraordinary!
Position Summary The
Senior Identity and Access Management (IAM) Analyst
is responsible for securing and managing digital identities across cloud and on‑premise environments in a global food and beverage manufacturing organization. This role focuses on implementing and maintaining identity governance, authentication, and access control solutions using Microsoft Azure Active Directory (Azure AD) and other cloud platforms. The IAM Analyst ensures employees, contractors, and partners have the right level of secure access to business systems, cloud applications, and production technologies—maintaining compliance with regulatory and food safety requirements while enabling operational efficiency across corporate and manufacturing sites.
Where You’ll Work / Hybrid Work Model This role will be based out of our Waltham, MA headquarters with Thursdays and Fridays being flexible remote days. On occasion, this cadence may shift based on business needs.
What You’ll Do
Administer and maintain user accounts, roles, and groups in Azure AD, Microsoft 365, and hybrid Active Directory environments
Manage access provisioning, de‑provisioning, and modification workflows for both cloud‑based and on‑prem systems
Implement role‑based access control (RBAC) and least privilege principles across enterprise and manufacturing systems
Ensure consistent access management across SaaS, IaaS, and PaaS platforms, including Azure, AWS, or other connected cloud environments
Configure and support Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), and Conditional Access policies in Azure AD
Manage federated identities between Azure AD and external partners, cloud providers, or production technology systems
Troubleshoot authentication and authorization issues in hybrid identity environments (on‑prem AD + Azure AD)
Integrate identity services with manufacturing systems, ERP (e.g., SAP, Dynamics), and MES platforms
Collaborate with Cloud and Infrastructure teams to design and maintain secure cloud access controls
Participate in the implementation of cloud identity governance and Privileged Access Management (PAM) solutions
Monitor and assess cloud IAM configurations for compliance with security baselines and best practices (e.g., CIS benchmarks, NIST)
Review and manage privileged accounts and access to cloud resources, including Azure subscriptions and virtual machines
Conduct and document periodic access reviews and user certification campaigns across cloud and on‑prem systems
Support compliance efforts related to SOX, FDA, GDPR and internal audit requirements
Prepare IAM‑related reports and documentation for internal and external audits
Maintain and update IAM policies and standards in line with company guidelines
Automate identity lifecycle and reporting processes using PowerShell, Graph API, or other scripting tools
Identify gaps in IAM processes and propose security and efficiency improvements
Stay current on IAM trends, Zero Trust security models, and cloud security technologies
Support strategic IAM initiatives as part of broader cloud transformation and cybersecurity programs
Who You Are
Ability to create and own policy, process, documentation and governance for your domain
Exceptional technical, analytical, problem‑solving, multitasking, and time‑management skills with consistent attention to detail
Excellent communication skills, with the ability to translate technical issues and processes for business and plant audiences
Ability to balance security rigor with operational uptime in a fast‑paced manufacturing environment
Proactive approach to identifying and mitigating risks
Collaborative mindset across IT, cybersecurity, and plant operations teams
What You’ll Need
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field
3–5 years of experience in Identity and Access Management, Cloud Security, or IT Infrastructure roles
Experience with Azure Active Directory, Microsoft 365 Security & Compliance Center, and on‑prem Active Directory
Hands‑on experience managing identity and access in cloud environments
Background in manufacturing or industrial operations preferred
Strong understanding of Azure AD, Conditional Access, MFA, SSO, PIM, and Identity Governance
Experience with cloud security controls, service principles, and managed identities
Familiarity with IAM automation, PowerShell scripting, and Azure CLI
Working knowledge of network security, endpoint protection, and Zero Trust frameworks
Understanding of identity protocols (SAML, OAuth 2.0, OpenID Connect, LDAP, Kerberos)
Certifications (SC‑300, AZ‑500, SC‑200) a plus
What You’ll Enjoy
Organization with a bold, clear purpose & vision for the future
Inclusive Culture: Be a part of an inclusive workplace where you not only belong but also have the opportunity to be the best version of yourself
Passionate Community: You are encouraged to have a voice, share your opinions, and have individual impact on the success of the business
Hybrid Work Model: Flexible & collaborative work environment to maximize well‑being & success
Paid Time Off and Holidays: Enjoy time away from the office to rest and recharge
Paid Volunteer Time Off: 40 hours of paid volunteer time for all non‑union employees
Development & Advancement: Access to LinkedIn Learning as well as both formal and informal opportunities to develop and grow your career
Compensation Package Consisting of Competitive Base Salary and Annual Incentive Plan (Bonus)
401K plan with Generous Company Match
Flexible Benefits from your first day: Choose the benefits that meet your needs and preferences
Health, Dental & Vision Insurance
Health Savings Accounts
Life and accident insurance
Employee Assistance Programs
Tuition reimbursement program
Additional benefits available through Perks at Work
Paid parental (and adoption) leave – Available after 12 months of employment
The anticipated hiring base salary range for this position is $100,000 to $110,000 annually for US‑based employees. This range reflects the minimum and maximum for the position across all US locations, is based on a full‑time work schedule, and is Welch’s good faith estimate as of the date of this posting. Within the range, individual pay is determined by work location and additional factors, including job‑related skills, experience, and relevant education or training. In addition to base salary, this role is eligible for participation in a bonus plan.
Welch's is an Equal Employment Opportunity Employer. We are committed to the prevention of employment discrimination based on race, religion, color, sex, gender identity, national origin, age, marital status, disability and/or military or veteran status, sexual orientation or any other action covered by federal or applicable state/local laws.
Welch's offers more than just a job - it’s an opportunity to grow, innovate, and make a global impact with a passionate community.
#J-18808-Ljbffr