Dir, Identity & Access Mgmt (IAM) in Des Moines, Iowa at MidAmerican Energy Company

Position Title: Dir, Identity & Access Mgmt (IAM)

Location: Des Moines, IA, United States

Description:
The Director of Identity & Access Management (IAM) is accountable for the delivery, effectiveness, and ongoing maturity of enterprise workforce identity, secrets, and certificate management platforms. This role ensures secure, reliable, and automated access to systems, applications, and collaboration tools across a hybrid cloud, multi affiliate environment.

Aligned to the Infrastructure & Operations Platform vision, this leader transforms legacy, fragmented and manual identity practices into standardized, policy driven, and automated enterprise services that reduce operational toil, improve resilience, and strengthen regulatory compliance. The role partners closely with Platform Engineering, Security, HR, and Application teams to ensure identity related capabilities are engineered as scalable, consumable, and reliable platforms.

This position drives both technical modernization and enterprise change, standardizing identity practices across historically decentralized affiliates while balancing local regulatory and operational needs.

Responsibilities:
1. Enterprise IAM Strategy & Transformation

• Define and execute a multiyear IAM modernization roadmap aligned with I&O Platform priorities for reliability, automation, toil reduction, and cost efficiency.
• Lead the transition from affiliatespecific identity practices to a standardized enterprise workforce identity platform.
• Drive organizational and cultural change required to adopt consistent identity standards across decentralized affiliates.
• Establish workforce identity, secrets, and certificate services as foundational shared capabilities supporting enterprise operations and modernization initiatives.

2. Workforce Identity, Secrets & Certificate Platform Ownership

• Accountable for enterprise workforce identity services, including:
  • Identity lifecycle management (Joiner / Mover / Leaver)
  • Directory services (e.g., Entra ID, Active Directory)
  • IAM services (Saviynt, SailPoint, MIM)
  • Single SignOn (SSO) and MultiFactor Authentication (MFA)
  • Privileged access management (PAM)
• Own enterprise secrets and certificate management platforms as they relate to workforce identity and shared enterprise services, including lifecycle management, rotation, availability, and monitoring.
• Establish enterprise standards and guardrails for secrets and certificate usage in partnership with Platform Engineering for workload and runtime use cases.
• Ensure HRdriven identity is the authoritative source for workforce provisioning and deprovisioning.
• Ensure platforms are engineered for high availability, disaster recovery, and operational continuity.

3. EngineeringFirst Identity & Automation

• Drive APIfirst and eventdriven identity architecture enabling integration with enterprise platforms and developer workflows.
• Promote infrastructureascode and policyascode approaches for identity, access, secrets, and certificates.
• Integrate IAM capabilities into CI/CD pipelines and application delivery processes where appropriate.
• Replace ticketdriven operations with automated, selfservice workflows.
• Define and track metrics such as timetoprovision, automation coverage, and reduction in manual access handling.

4. Governance, Risk & Control Effectiveness

• Design and operate scalable identity governance capabilities including access certifications, role governance, and segregationofduties controls.
• Ensure IAM capabilities support SOX, NERCCIP, and other regulatory requirements.
• Accountable for the design, effectiveness, and continuous improvement of workforce identity access controls.
• Partner with Security and Internal Audit on control testing, regulatory examinations, and remediation activities.

5. Platform Operating Model & Affiliate Alignment

• Establish a centralized IAM platform with federated execution across affiliates.
• Align affiliates to enterprise identity, secrets, and certificate standards through policies, patterns, and approved configurations.
• Serve as the primary IAM point of integration for leadership, HR, and application owners.

6. Partnership with Platform Engineering

• Partner with Platform Engineering on shared identity architecture principles and integration standards.
• Clearly define and maintain ownership boundaries:
  • IAM owns workforce identity and enterprise secrets/certificate platforms
  • Platform Engineering owns workload and runtime identity
• Coordinate roadmaps and architectural decisions to prevent fragmentation.

7. Operational Resilience & Incident Support

• Participate in major incident response when identityrelated failures impact critical systems or restoration activities.
• Ensure incidents result in rootcause analysis and durable platform improvements.

8. Team Leadership & Capability Development

• Lead and evolve an IAM organization currently consisting of engineers and administrators to support modern IAM and maturing platform capabilities.
• Shift team culture from operationscentric execution to platform ownership and engineering excellence.
• Build skills in automation, integration, and modern workforce identity practices.
• Own IAM vendor relationships, budgets, and investment planning.

Qualifications:
Experience

• Bachelor's degree in information systems, computer science or related technical field; or equivalent work experience.
• 10+ years in identity, security, or enterprise infrastructure
• 5+ years leading IAM, security, or platform teams in complex enterprises
• Proven success modernizing IAM in federated or multientity organizations
• Experience in regulated or criticalinfrastructure environments preferred

Technical & Domain Expertise

• Workforce identity lifecycle management
• Cloud and hybrid directory platforms
• SSO, MFA, PAM, and access governance
• Secrets and certificate management platforms
• Identity integration patterns (APIs, SCIM, eventdriven architectures)
• Infrastructureascode and automation concepts
• Working knowledge of Zero Trust principles

Experience with modern IAM and access platforms such as Entra ID, SailPoint, Saviynt, CyberArk, HashiCorp Vault, or similar is preferred.

What Success Looks Like

Workforce identity, secrets, and certificates are engineered as reliable enterprise platforms rather than operational bottlenecks. Access is automated, resilient, auditable, and easy to consume. Affiliates operate on shared standards while maintaining regulatory accountability. IAM quietly enables secure operations, modernization, and enterprise delivery at scale.

Work Authorization/Sponsorship

At this time, we're not considering applicants that need any type of immigration sponsorship (additional work authorization or permanent work authorization) now or in the future to work in the United States. This includes, but IS NOT LIMITED TO: F1-OPT, F1-CPT, H-1B, TN, L-1, J-1, etc. For additional information around work authorization needs please use the following links.

Nonimmigrant Workers and Green Card for Employment-Based Immigrants

About US:
MidAmerican Energy Company, a Midwest utility, provides regulated electric and natural gas service to more than 1.6 million customers in Illinois, Iowa, Nebraska and South Dakota. The company owns and operates a portfolio of power-generating assets, approximately 61% of which is wind generation.

About the Team:
MidAmerican Energy Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law. Employees must be able to perform the essential functions of the position, with or without an accommodation.
JOB INFO

Job Identification: 10005055

Job Category: Information Technology

Posting Date: 2026-05-20
Job Schedule: Full time

Job Shift: Day

Locations: 1615 Locust St, Des Moines, IA, 50309, US
Business: MidAmerican Energy Company