IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) in Prague, Oklahoma at Biggie Group

The IAM Specialist is responsible for governing identity and access across the organization’s entire digital ecosystem, including Google Workspace, Microsoft 365, and a portfolio of 100+ SaaS applications.

Beyond access governance, this role encompasses SaaS contract and license management (renewals, supplier negotiations, compliance audits), as well as active cybersecurity responsibilities: DLP policy enforcement, security log monitoring across Microsoft and Google platforms, and ensuring regulatory compliance across all managed applications.

Access & Rights Management

• Administer user identities and access rights across Google Workspace, Microsoft 365, and 100+ SaaS applications (ERP, CRM, HRIS, collaboration tools, productivity platforms, etc.)
• Define and enforce role-based access control (RBAC) profiles and the principle of least privilege across the entire application portfolio
• Manage access provisioning and deprovisioning in coordination with HR for onboarding, offboarding, and role changes across all 100+ applications
• Manage privileged accounts, service accounts, and admin credentials with appropriate controls (PAM, MFA enforcement, credential vaulting)
• Maintain a real-time access registry mapping users to application roles, document all provisioning and change decisions with full audit trail
• Lead periodic access certification campaigns and user rights reviews across all platforms; detect, document, and remediate access anomalies

Access Revocation & Deletion

• Disable and/or delete accounts promptly upon employee departure or role changes across all 100+ SaaS applications, Google Workspace, and Microsoft 365
• Build and maintain automated deprovisioning workflows triggered by HR system events, ensuring zero-delay revocation of access rights
• Ensure full traceability of deletions for audit and compliance purposes
• Archive user data in accordance with data retention policies and GDPR requirements

Application Maintenance & Administration

• Maintain an up-to-date inventory of all 100+ SaaS applications: owner, business purpose, user count, license tier, contract expiry, and security classification
• Manage the full SaaS contract lifecycle: negotiate renewals, track contract terms and SLAs, coordinate with suppliers, and ensure timely renewals to avoid service interruptions
• Optimize license allocation across all applications: track actual usage vs. purchased seats, eliminate unused licenses, and rightsize subscriptions to reduce costs
• Conduct supplier compliance audits and vendor due diligence (data processing agreements, GDPR compliance, security certifications) for all SaaS vendors
• Evaluate and onboard new SaaS applications: security review, SSO/SCIM integration, access model design, and documentation before go-live
• Maintain complete technical documentation for all managed applications: access models, integration maps, contract terms, and security controls

Google Workspace & Microsoft 365 Administration

• Administer Google Workspace (user accounts, groups, organizational units, Drive sharing policies, OAuth app control, Admin Console) and Microsoft 365 (Entra ID, Exchange, Teams, SharePoint)
• Configure and maintain SSO (Single Sign-On) and SCIM provisioning integrations between identity providers (Google) and SaaS applications to automate the user lifecycle

User Support & Stakeholder Relations

• Handle all access requests escalated via the helpdesk: validate with line managers, provision or deny in accordance with security policies, and log every decision
• Produce regular reporting on access activity, license utilization, contract renewals, and compliance status for IT management and stakeholders
• Act as the primary point of contact for business units regarding application access, vendor relations, and SaaS tool governance
• Collaborate with business teams and IT management to assess new SaaS tool requests, define access governance requirements, and prioritize integration work

Security & Compliance

• Define, implement, and enforce IT security policies for all managed applications: MFA requirements, conditional access policies, data classification, and access control standards
• Configure and operate Data Loss Prevention (DLP) policies within Microsoft Purview and Google Workspace to prevent unauthorized data exfiltration across SaaS platforms
• Ensure GDPR compliance across all managed applications: data processing agreements with suppliers, data subject rights procedures, and data retention enforcement
• Contribute to security audit recommendations and ensure remediation actions are tracked, implemented, and evidenced for internal and external auditors

Cybersecurity Operations & DLP

• Validate the cybersecurity posture of all new SaaS applications prior to onboarding (SSO, MFA, data residency, DPA) and ensure secure offboarding (data deletion, credential revocation, audit evidence)
• Run quarterly access recertification campaigns across all 100+ applications; engage application owners and managers to confirm, modify, or revoke access rights, and document remediation outcomes
• Monitor and analyze Microsoft 365 security logs on a daily basis: Entra ID sign-in risk, conditional access failures, MFA anomalies, Microsoft Defender for Endpoint/Identity alerts, and Microsoft Purview DLP incidents
• Monitor Google Workspace security logs: Admin Console audit trail, Alert Center events, login anomalies, Drive external sharing violations, OAuth token activity, and DLP rule triggers
• Investigate and respond to security alerts across all monitored platforms; triage incidents, contain threats, and escalate confirmed security events to the IT Manager with full documentation
• Administer endpoint security tools (WithSecure, HarfangLab EDR): review alerts, manage policy profiles, investigate suspicious detections, and ensure endpoint compliance across the device fleet
• Produce monthly security reports covering log review findings, DLP incidents, open alerts, access anomalies, and remediation actions; maintain a security event register for audit purposes
• Produce monthly or on-demand security reports summarizing log review findings, open alerts, access anomalies, and remediation actions taken; maintain a security event register

Reporting & Continuous Improvement

• Maintain a consolidated SaaS application register and IAM dashboard; provide visibility to management on access posture, compliance status, and license spend
• Identify and lead continuous improvement initiatives: automate repetitive IAM tasks, improve provisioning workflows, and reduce mean time to access provisioning and deprovisioning
• Stay current on IAM, SaaS governance, and cybersecurity trends; propose adoption of tools and practices that improve the organization’s identity security posture