IAM Architect – OT & Enterprise
BH-324730
Posted: 04/02/2026
- Good
- Denmark Gentofte
- Contract
-
Alternative & Renewable Energy
-
Offshore Wind
Senior IAM Architect – 6 Months contract – Gentofte, Denmark
Hybrid – 2 days on site 3 days remote
IAM Architect – OT & Enterprise
Description:
Privilege Access Management (PAM)
Identity Governance and Administration (IGA)
Requirements:
IAM & IGA fundamentals (Must-have): Strong foundational understanding of Identity and Access Management, including IAM processes, access governance concepts, and enterprise IAM application architectures.
IGA platform experience (Must-have): Hands-on experience delivering at least one enterprise-grade Identity Governance & Administration (IGA) deployment, including configuration, customization, and rollout; preference for SailPoint IdentityIQ. Exposure to PAM solutions such as ManageEngine PAM360 is an advantage.
IGA engineering & operations: Proven experience in technical maintenance, development, and troubleshooting across one or more IAM technologies, ensuring stability, scalability, and security of IGA platforms.
Application integration & configuration: Experience configuring and integrating applications into standard enterprise systems, applying best practices for connectors, entitlement modeling, access certification, and lifecycle workflows.
Software engineering & DevOps: Experience with professional software development practices, including unit testing, CI/CD pipelines (e.g., Azure DevOps), and DevOps ways of working supporting IAM/IGA platforms.
Cloud & platform exposure: Practical experience working with cloud environments and services, including storage, messaging/queues, serverless functions, event-driven architectures, and containers, in support of IAM/IGA solutions.
Security & compliance: Solid understanding of IT security and data protection principles, with the ability to embed security controls and compliance requirements into IGA designs and operations; knowledge of energy sector regulations is a plus.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.
Hybrid – 2 days on site 3 days remote
IAM Architect – OT & Enterprise
Description:
- Own and govern the end-to-end IAM architecture across Identity Governance & Administration (IGA) and Privileged Access Management (PAM), ensuring secure, compliant, scalable, and fit-for-purpose solutions across IT and OT environments.
- Lead the design and evolution of IAM architecture for the OT domain, engaging with business units, global IT, and OT stakeholders to translate regulatory, partner, and client security requirements into target-state architectures and architectural standards.
- Define and drive the OT IAM architectural roadmap, guiding the phased rollout of IGA and PAM capabilities, onboarding OT identities, assets, and privileged access use cases, and supporting delivery against goals
- Establish, maintain, and enforce Ørsted IAM architectural principles, reference architectures, design patterns, and blueprints, ensuring alignment with enterprise architecture, Zero Trust, least privilege, and OT-specific constraints such as safety, availability, and resilience.
- Provide architectural governance across IAM initiatives, reviewing solution designs, managing technical risks and dependencies, and ensuring consistency across teams, platforms, and delivery increments.
- Act as a trusted IAM Architect and security advisor, guiding stakeholders and delivery teams in embedding IGA and PAM capabilities into IT and OT architectures, operational processes, and access models in a scalable and future-proof manner.
Privilege Access Management (PAM)
- Responsible for low level design and support implementation of PAM solution including requirement analysis
- Responsible for automating PAM processes
- Conduct Proof of Concept
- Troubleshoot incident and provide fix
- Track application life cycle and address security vulnerabilities
- Perform code reviews, provide recommendation on best practices on the PAM solution following security, regulatory and compliance requirements.
Identity Governance and Administration (IGA)
- Responsible for ensuring that the low level design is aligned with High Level design and requirements
- Responsible for ensuring that low level design is resilient and scalable
- Ensure configurations are not hardcoded within workflows, follows IGA application best practices
- Ensure implementation partner's delivered artefacts are accurate and up to date by reviewing them thoroughly
- Challenges suggested design to ensure better quality and outcomes
- Ensure performance, error handling, reusability and maintainability of the IGA solution
- Design, Develop and test IGA use cases
- Perform code reviews, provide recommendation on best practices on the IGA solution following security, regulatory and compliance requirements
- Conduct Proof of Concept
- Application onboarding design pattern definition and review
Requirements:
IAM & IGA fundamentals (Must-have): Strong foundational understanding of Identity and Access Management, including IAM processes, access governance concepts, and enterprise IAM application architectures.
IGA platform experience (Must-have): Hands-on experience delivering at least one enterprise-grade Identity Governance & Administration (IGA) deployment, including configuration, customization, and rollout; preference for SailPoint IdentityIQ. Exposure to PAM solutions such as ManageEngine PAM360 is an advantage.
IGA engineering & operations: Proven experience in technical maintenance, development, and troubleshooting across one or more IAM technologies, ensuring stability, scalability, and security of IGA platforms.
Application integration & configuration: Experience configuring and integrating applications into standard enterprise systems, applying best practices for connectors, entitlement modeling, access certification, and lifecycle workflows.
Software engineering & DevOps: Experience with professional software development practices, including unit testing, CI/CD pipelines (e.g., Azure DevOps), and DevOps ways of working supporting IAM/IGA platforms.
Cloud & platform exposure: Practical experience working with cloud environments and services, including storage, messaging/queues, serverless functions, event-driven architectures, and containers, in support of IAM/IGA solutions.
Security & compliance: Solid understanding of IT security and data protection principles, with the ability to embed security controls and compliance requirements into IGA designs and operations; knowledge of energy sector regulations is a plus.
With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.