WELCOME TO BASF

In the Coatings division, we focus on developing, producing, and marketing innovative coating solutions – from applied surface technologies to automotive paints. We drive innovation, design, and new applications to meet the needs of our partners worldwide in globally connected teams. This portfolio is complemented by “Beyond Paint Solutions,” enabling new surfaces and advanced materials

WHAT YOU CAN EXPECT

As an IAM Architect, you are responsible for designing, evolving, and ensuring the effective implementation of our global Identity & Access Management (IAM) landscape. You combine strategic architecture ownership with hands-on expertise, acting as the IT-Infrastructure key interface between internal teams (esp. Cybersecurity, SAP, Applications, business units) and Managed Service Providers (MSP). In cooperation with the MSP, you ensure that IAM solutions are secure, scalable, and aligned with business and compliance requirements. You will take ownership across the following IAM domains: Entra ID / Azure AD, Access Governance, SSO, MFA, PIM/PAM, Joiner–Leaver–Mover Integration, Password Management Vault, PKI & Key Management. Your key responsibilities include:

• Define and evolve the global IAM strategy together with security and infrastructure experts
• Design end-to-end IAM architecture across all identity lifecycle processes (Joiner–Mover–Leaver)
• Act as professional counterpart towards MSPs: steer and govern external service delivery
• Ensure stable, secure, and compliant IAM operations as well as integration with enterprise architecture (I&O Platform, applications, cloud)
• Provide hands-on expertise in solution design, integrations, and complex troubleshooting scenarios
• Support and advise projects and business stakeholders on IAM-related topics

WHAT YOU OFFER

• Degree in computer science, business informatics, or comparable qualification
• Several years of practical experience in IAM, ideally in an international industrial environment with strong SAP footprint
• Broad expertise as an IAM generalist across multiple domains
• Hands-on experience across core IAM domains, leveraging solutions such as Entra ID, SailPoint, CyberArk, SuccessFactors & ServiceNow, Keeper and DigiCert
• Strong expertise in:
  • Microsoft Entra ID / Azure AD
  • Identity Governance solutions (e.g., SailPoint, One Identity)
  • Authentication protocols (SAML, OAuth, OpenID Connect)
  • Directory services (LDAP, Active Directory)
  • Cloud platforms (Azure, & AWS)
• Experience working with and steering Managed Service Providers
• Solid understanding of IT infrastructure and hybrid cloud environments
• Strong collaboration mindset with willingness to work closely with international teams and travel to sites esp. headquarter Münster, Germany
• Ability to translate business requirements into pragmatic, scalable solutions
• Structured, self-driven, and solution-oriented working style
• Strong communication skills and experience working in global teams
• Fluent in English

WHAT WE OFFER

• Continuous learning and career development through our internal job opportunities.
• A safe work environment where we actively promote your health and well-being.
• Subsidized canteen on site.Free company shuttle service between Alcalá and Marchamalo.
• Competitive compensation package including a fixed salary and performance-based variable pay.
• Opportunities to connect outside the office and stay active through company sports groups.
• Flexible benefits package, which can be allocated voluntarily to transportation, training, childcare, and more.
• Financial support for schooling and additional benefits for families.

HOW TO REACH US

Diversity is our greatest strength!

Become a part of our winning formula for success and develop the future with us - in a global team that embraces inclusion and equal opportunities irrespective of gender, age, origin, sexual orientation, disability or belief.