Biggie

IAM Specialist – Identity & Access Management (Part-Time) (M/F/X)

Biggie
CZ Prague
Onsite 2026-06-16
Estimated salary · Prague
~ 352,677 - 587,811
Low
CZK 458K
Median
CZK 587K
High
CZK 734K
Market in Prague · Eurostat SES 2025

Job description

Biggie is a global marketing agency for strategy and activation agency, part of Biggie group, an independent international group of integrated marketing solutions.   Biggie's motto is "Partners in growth", and its ambition is to be a partner in the growth of brands, by putting strategic and operational excellence at the service of their performance, and by offering them tailor-made support (marketing strategy, strategic planning, data & analysis, media, digital performance, content creation and adaptation, and business consulting) to meet their business challenges.   The agency has 300 experts, including 150 in France, present in 7 countries through 9 international offices (Paris, Marseille, Brussels, Milan, Geneva, Zurich, Prague, Dubai and Sao Paulo).   For further information: www.biggie.co   The IAM Specialist is responsible for governing identity and access across the organization’s entire digital ecosystem, including Google Workspace, Microsoft 365, and a portfolio of 100+ SaaS applications. Beyond access governance, this role encompasses SaaS contract and license management (renewals, supplier negotiations, compliance audits), as well as active cybersecurity responsibilities: DLP policy enforcement, security log monitoring across Microsoft and Google platforms, and ensuring regulatory compliance across all managed applications.   🗒️ Missions   Access & Rights Management Administer user identities and access rights across Google Workspace, Microsoft 365, and 100+ SaaS applications (ERP, CRM, HRIS, collaboration tools, productivity platforms, etc.) Define and enforce role-based access control (RBAC) profiles and the principle of least privilege across the entire application portfolio Manage access provisioning and deprovisioning in coordination with HR for onboarding, offboarding, and role changes across all 100+ applications Manage privileged accounts, service accounts, and admin credentials with appropriate controls (PAM, MFA enforcement, credential vaulting) Maintain a real-time access registry mapping users to application roles, document all provisioning and change decisions with full audit trail Lead periodic access certification campaigns and user rights reviews across all platforms; detect, document, and remediate access anomalies   Access Revocation & Deletion Disable and/or delete accounts promptly upon employee departure or role changes across all 100+ SaaS applications, Google Workspace, and Microsoft 365 Build and maintain automated deprovisioning workflows triggered by HR system events, ensuring zero-delay revocation of access rights Ensure full traceability of deletions for audit and compliance purposes Archive user data in accordance with data retention policies and GDPR requirements   Application Maintenance & Administration Maintain an up-to-date inventory of all 100+ SaaS applications: owner, business purpose, user count, license tier, contract expiry, and security classification Manage the full SaaS contract lifecycle: negotiate renewals, track contract terms and SLAs, coordinate with suppliers, and ensure timely renewals to avoid service interruptions Optimize license allocation across all applications: track actual usage vs. purchased seats, eliminate unused licenses, and rightsize subscriptions to reduce costs Conduct supplier compliance audits and vendor due diligence (data processing agreements, GDPR compliance, security certifications) for all SaaS vendors Evaluate and onboard new SaaS applications: security review, SSO/SCIM integration, access model design, and documentation before go-live Maintain complete technical documentation for all managed applications: access models, integration maps, contract terms, and security controls   Google Workspace & Microsoft 365 Administration Administer Google Workspace (user accounts, groups, organizational units, Drive sharing policies, OAuth app control, Admin Console) and Microsoft 365 (Entra ID, Exchange, Teams, SharePoint) Configure and maintain SSO (Single Sign-On) and SCIM provisioning integrations between identity providers (Google) and SaaS applications to automate the user lifecycle   User Support & Stakeholder Relations Handle all access requests escalated via the helpdesk: validate with line managers, provision or deny in accordance with security policies, and log every decision Produce regular reporting on access activity, license utilization, contract renewals, and compliance status for IT management and stakeholders Act as the primary point of contact for business units regarding application access, vendor relations, and SaaS tool governance Collaborate with business teams and IT management to assess new SaaS tool requests, define access governance requirements, and prioritize integration work   Security & Compliance Define, implement, and enforce IT security policies for all managed applications: MFA requirements, conditional access policies, data classification, and access control standards Configure and operate Data Loss Prevention (DLP) policies within Microsoft Purview and Google Workspace to prevent unauthorized data exfiltration across SaaS platforms Ensure GDPR compliance across all managed applications: data processing agreements with suppliers, data subject rights procedures, and data retention enforcement Contribute to security audit recommendations and ensure remediation actions are tracked, implemented, and evidenced for internal and external auditors   Cybersecurity Operations & DLP Validate the cybersecurity posture of all new SaaS applications prior to onboarding (SSO, MFA, data residency, DPA) and ensure secure offboarding (data deletion, credential revocation, audit evidence) Run quarterly access recertification campaigns across all 100+ applications; engage application owners and managers to confirm, modify, or revoke access rights, and document remediation outcomes Monitor and analyze Microsoft 365 security logs on a daily basis: Entra ID sign-in risk, conditional access failures, MFA anomalies, Microsoft Defender for Endpoint/Identity alerts, and Microsoft Purview DLP incidents Monitor Google Workspace security logs: Admin Console audit trail, Alert Center events, login anomalies, Drive external sharing violations, OAuth token activity, and DLP rule triggers Investigate and respond to security alerts across all monitored platforms; triage incidents, contain threats, and escalate confirmed security events to the IT Manager with full documentation Administer endpoint security tools (WithSecure, HarfangLab EDR): review alerts, manage policy profiles, investigate suspicious detections, and ensure endpoint compliance across the device fleet Produce monthly security reports covering log review findings, DLP incidents, open alerts, access anomalies, and remediation actions; maintain a security event register for audit purposes Produce monthly or on-demand security reports summarizing log review findings, open alerts, access anomalies, and remediation actions taken; maintain a security event register   Reporting & Continuous Improvement Maintain a consolidated SaaS application register and IAM dashboard; provide visibility to management on access posture, compliance status, and license spend Identify and lead continuous improvement initiatives: automate repetitive IAM tasks, improve provisioning workflows, and reduce mean time to access provisioning and deprovisioning Stay current on IAM, SaaS governance, and cybersecurity trends; propose adoption of tools and practices that improve the organization’s identity security posture   👉 Your Profile Education Bachelor’s to Master’s degree in Computer Science, Information Systems, Cybersecurity, or Network & Security Equivalent qualifications accepted: IT Engineering degree, specialized IAM/cybersecurity training, or significant professional experience Experience Proven experience managing access across a large SaaS portfolio (50+ applications) in a multi-platform environment (Google Workspace, Microsoft 365, SaaS) is required Solid knowledge of Active Directory, Azure AD / Entra ID, Google Workspace Admin, SSO (SAML, OIDC), SCIM provisioning, and IAM governance principles is required Experience with SaaS contract management, supplier negotiations, and license lifecycle management (renewals, audits, cost optimization) is strongly preferred Experience with cybersecurity operations: security log monitoring (M365, Google Workspace), DLP configuration, and incident response is strongly preferred IAM or security certifications are an asset: Microsoft SC-300 (Identity & Access Administrator), SC-900, Google Workspace Administrator, CompTIA Security+, or equivalent

← See all Nurse · Prague