IAM Specialist – Identity & Access Management (Part-Time) (M/F/X)

The IAM Specialist is responsible for governing identity and access across the organization’s entire digital ecosystem, including Google Workspace, Microsoft 365, and a portfolio of 100+ SaaS applications.

Beyond access governance, this role encompasses SaaS contract and license management (renewals, supplier negotiations, compliance audits), as well as active cybersecurity responsibilities: DLP policy enforcement, security log monitoring across Microsoft and Google platforms, and ensuring regulatory compliance across all managed applications.

• Administer user identities and access rights across Google Workspace, Microsoft 365, and 100+ SaaS applications (ERP, CRM, HRIS, collaboration tools, productivity platforms, etc.)
• Define and enforce role-based access control (RBAC) profiles and the principle of least privilege across the entire application portfolio
• Manage access provisioning and deprovisioning in coordination with HR for onboarding, offboarding, and role changes across all 100+ applications
• Manage privileged accounts, service accounts, and admin credentials with appropriate controls (PAM, MFA enforcement, credential vaulting)
• Maintain a real-time access registry mapping users to application roles, document all provisioning and change decisions with full audit trail
• Lead periodic access certification campaigns and user rights reviews across all platforms; detect, document, and remediate access anomalies

• Disable and/or delete accounts promptly upon employee departure or role changes across all 100+ SaaS applications, Google Workspace, and Microsoft 365
• Build and maintain automated deprovisioning workflows triggered by HR system events, ensuring zero-delay revocation of access rights
• Ensure full traceability of deletions for audit and compliance purposes
• Archive user data in accordance with data retention policies and GDPR requirements

• Maintain an up-to-date inventory of all 100+ SaaS applications: owner, business purpose, user count, license tier, contract expiry, and security classification
• Manage the full SaaS contract lifecycle: negotiate renewals, track contract terms and SLAs, coordinate with suppliers, and ensure timely renewals to avoid service interruptions
• Optimize license allocation across all applications: track actual usage vs. purchased seats, eliminate unused licenses, and rightsize subscriptions to reduce costs
• Conduct supplier compliance audits and vendor due diligence (data processing agreements, GDPR compliance, security certifications) for all SaaS vendors
• Evaluate and onboard new SaaS applications: security review, SSO/SCIM integration, access model design, and documentation before go-live
• Maintain complete technical documentation for all managed applications: access models, integration maps, contract terms, and security controls

• Administer Google Workspace (user accounts, groups, organizational units, Drive sharing policies, OAuth app control, Admin Console) and Microsoft 365 (Entra ID, Exchange, Teams, SharePoint)
• Configure and maintain SSO (Single Sign-On) and SCIM provisioning integrations between identity providers (Google) and SaaS applications to automate the user lifecycle

• Handle all access requests escalated via the helpdesk: validate with line managers, provision or deny in accordance with security policies, and log every decision
• Produce regular reporting on access activity, license utilization, contract renewals, and compliance status for IT management and stakeholders
• Act as the primary point of contact for business units regarding application access, vendor relations, and SaaS tool governance
• Collaborate with business teams and IT management to assess new SaaS tool requests, define access governance requirements, and prioritize integration work

• Define, implement, and enforce IT security policies for all managed applications: MFA requirements, conditional access policies, data classification, and access control standards
• Configure and operate Data Loss Prevention (DLP) policies within Microsoft Purview and Google Workspace to prevent unauthorized data exfiltration across SaaS platforms
• Ensure GDPR compliance across all managed applications: data processing agreements with suppliers, data subject rights procedures, and data retention enforcement
• Contribute to security audit recommendations and ensure remediation actions are tracked, implemented, and evidenced for internal and external auditors

• Validate the cybersecurity posture of all new SaaS applications prior to onboarding (SSO, MFA, data residency, DPA) and ensure secure offboarding (data deletion, credential revocation, audit evidence)
• Run quarterly access recertification campaigns across all 100+ applications; engage application owners and managers to confirm, modify, or revoke access rights, and document remediation outcomes
• Monitor and analyze Microsoft 365 security logs on a daily basis: Entra ID sign-in risk, conditional access failures, MFA anomalies, Microsoft Defender for Endpoint/Identity alerts, and Microsoft Purview DLP incidents
• Monitor Google Workspace security logs: Admin Console audit trail, Alert Center events, login anomalies, Drive external sharing violations, OAuth token activity, and DLP rule triggers
• Investigate and respond to security alerts across all monitored platforms; triage incidents, contain threats, and escalate confirmed security events to the IT Manager with full documentation
• Administer endpoint security tools (WithSecure, HarfangLab EDR): review alerts, manage policy profiles, investigate suspicious detections, and ensure endpoint compliance across the device fleet
• Produce monthly security reports covering log review findings, DLP incidents, open alerts, access anomalies, and remediation actions; maintain a security event register for audit purposes
• Produce monthly or on-demand security reports summarizing log review findings, open alerts, access anomalies, and remediation actions taken; maintain a security event register

• Maintain a consolidated SaaS application register and IAM dashboard; provide visibility to management on access posture, compliance status, and license spend
• Identify and lead continuous improvement initiatives: automate repetitive IAM tasks, improve provisioning workflows, and reduce mean time to access provisioning and deprovisioning
• Stay current on IAM, SaaS governance, and cybersecurity trends; propose adoption of tools and practices that improve the organization’s identity security posture

• Bachelor’s to Master’s degree in Computer Science, Information Systems, Cybersecurity, or Network & Security
• Equivalent qualifications accepted: IT Engineering degree, specialized IAM/cybersecurity training, or significant professional experience

• Proven experience managing access across a large SaaS portfolio (50+ applications) in a multi-platform environment (Google Workspace, Microsoft 365, SaaS) is required
• Solid knowledge of Active Directory, Azure AD / Entra ID, Google Workspace Admin, SSO (SAML, OIDC), SCIM provisioning, and IAM governance principles is required
• Experience with SaaS contract management, supplier negotiations, and license lifecycle management (renewals, audits, cost optimization) is strongly preferred
• Experience with cybersecurity operations: security log monitoring (M365, Google Workspace), DLP configuration, and incident response is strongly preferred
• IAM or security certifications are an asset: Microsoft SC-300 (Identity & Access Administrator), SC-900, Google Workspace Administrator, CompTIA Security+, or equivalent