IAM Specialist – Identity & Access Management (Part-Time) (M/F/X)

Biggie is a global marketing agency for strategy and activation agency, part of Biggie group, an independent international group of integrated marketing solutions.
 
Biggie's motto is "Partners in growth", and its ambition is to be a partner in the growth of brands, by putting strategic and operational excellence at the service of their performance, and by offering them tailor-made support (marketing strategy, strategic planning, data & analysis, media, digital performance, content creation and adaptation, and business consulting) to meet their business challenges.
 
The agency has 300 experts, including 150 in France, present in 7 countries through 9 international offices (Paris, Marseille, Brussels, Milan, Geneva, Zurich, Prague, Dubai and Sao Paulo).
 
For further information:  www.biggie.co
 

The IAM Specialist is responsible for governing identity and access across the organization’s entire digital ecosystem, including Google Workspace, Microsoft 365, and a portfolio of 100+ SaaS applications.

Beyond access governance, this role encompasses SaaS contract and license management (renewals, supplier negotiations, compliance audits), as well as active cybersecurity responsibilities: DLP policy enforcement, security log monitoring across Microsoft and Google platforms, and ensuring regulatory compliance across all managed applications.

 

🗒️ Missions

 

Access & Rights Management

  • Administer user identities and access rights across Google Workspace, Microsoft 365, and 100+ SaaS applications (ERP, CRM, HRIS, collaboration tools, productivity platforms, etc.)
  • Define and enforce role-based access control (RBAC) profiles and the principle of least privilege across the entire application portfolio
  • Manage access provisioning and deprovisioning in coordination with HR for onboarding, offboarding, and role changes across all 100+ applications
  • Manage privileged accounts, service accounts, and admin credentials with appropriate controls (PAM, MFA enforcement, credential vaulting)
  • Maintain a real-time access registry mapping users to application roles, document all provisioning and change decisions with full audit trail
  • Lead periodic access certification campaigns and user rights reviews across all platforms; detect, document, and remediate access anomalies

 

Access Revocation & Deletion

  • Disable and/or delete accounts promptly upon employee departure or role changes across all 100+ SaaS applications, Google Workspace, and Microsoft 365
  • Build and maintain automated deprovisioning workflows triggered by HR system events, ensuring zero-delay revocation of access rights
  • Ensure full traceability of deletions for audit and compliance purposes
  • Archive user data in accordance with data retention policies and GDPR requirements

 

Application Maintenance & Administration

  • Maintain an up-to-date inventory of all 100+ SaaS applications: owner, business purpose, user count, license tier, contract expiry, and security classification
  • Manage the full SaaS contract lifecycle: negotiate renewals, track contract terms and SLAs, coordinate with suppliers, and ensure timely renewals to avoid service interruptions
  • Optimize license allocation across all applications: track actual usage vs. purchased seats, eliminate unused licenses, and rightsize subscriptions to reduce costs
  • Conduct supplier compliance audits and vendor due diligence (data processing agreements, GDPR compliance, security certifications) for all SaaS vendors
  • Evaluate and onboard new SaaS applications: security review, SSO/SCIM integration, access model design, and documentation before go-live
  • Maintain complete technical documentation for all managed applications: access models, integration maps, contract terms, and security controls

 

Google Workspace & Microsoft 365 Administration

  • Administer Google Workspace (user accounts, groups, organizational units, Drive sharing policies, OAuth app control, Admin Console) and Microsoft 365 (Entra ID, Exchange, Teams, SharePoint)
  • Configure and maintain SSO (Single Sign-On) and SCIM provisioning integrations between identity providers (Google) and SaaS applications to automate the user lifecycle

 

User Support & Stakeholder Relations

  • Handle all access requests escalated via the helpdesk: validate with line managers, provision or deny in accordance with security policies, and log every decision
  • Produce regular reporting on access activity, license utilization, contract renewals, and compliance status for IT management and stakeholders
  • Act as the primary point of contact for business units regarding application access, vendor relations, and SaaS tool governance
  • Collaborate with business teams and IT management to assess new SaaS tool requests, define access governance requirements, and prioritize integration work

 

Security & Compliance

  • Define, implement, and enforce IT security policies for all managed applications: MFA requirements, conditional access policies, data classification, and access control standards
  • Configure and operate Data Loss Prevention (DLP) policies within Microsoft Purview and Google Workspace to prevent unauthorized data exfiltration across SaaS platforms
  • Ensure GDPR compliance across all managed applications: data processing agreements with suppliers, data subject rights procedures, and data retention enforcement
  • Contribute to security audit recommendations and ensure remediation actions are tracked, implemented, and evidenced for internal and external auditors

 

Cybersecurity Operations & DLP

  • Validate the cybersecurity posture of all new SaaS applications prior to onboarding (SSO, MFA, data residency, DPA) and ensure secure offboarding (data deletion, credential revocation, audit evidence)
  • Run quarterly access recertification campaigns across all 100+ applications; engage application owners and managers to confirm, modify, or revoke access rights, and document remediation outcomes
  • Monitor and analyze Microsoft 365 security logs on a daily basis: Entra ID sign-in risk, conditional access failures, MFA anomalies, Microsoft Defender for Endpoint/Identity alerts, and Microsoft Purview DLP incidents
  • Monitor Google Workspace security logs: Admin Console audit trail, Alert Center events, login anomalies, Drive external sharing violations, OAuth token activity, and DLP rule triggers
  • Investigate and respond to security alerts across all monitored platforms; triage incidents, contain threats, and escalate confirmed security events to the IT Manager with full documentation
  • Administer endpoint security tools (WithSecure, HarfangLab EDR): review alerts, manage policy profiles, investigate suspicious detections, and ensure endpoint compliance across the device fleet
  • Produce monthly security reports covering log review findings, DLP incidents, open alerts, access anomalies, and remediation actions; maintain a security event register for audit purposes
  • Produce monthly or on-demand security reports summarizing log review findings, open alerts, access anomalies, and remediation actions taken; maintain a security event register

 

Reporting & Continuous Improvement

  • Maintain a consolidated SaaS application register and IAM dashboard; provide visibility to management on access posture, compliance status, and license spend
  • Identify and lead continuous improvement initiatives: automate repetitive IAM tasks, improve provisioning workflows, and reduce mean time to access provisioning and deprovisioning
  • Stay current on IAM, SaaS governance, and cybersecurity trends; propose adoption of tools and practices that improve the organization’s identity security posture
 

👉 Your Profile

Education

  • Bachelor’s to Master’s degree in Computer Science, Information Systems, Cybersecurity, or Network & Security
  • Equivalent qualifications accepted: IT Engineering degree, specialized IAM/cybersecurity training, or significant professional experience

Experience

  • Proven experience managing access across a large SaaS portfolio (50+ applications) in a multi-platform environment (Google Workspace, Microsoft 365, SaaS) is required
  • Solid knowledge of Active Directory, Azure AD / Entra ID, Google Workspace Admin, SSO (SAML, OIDC), SCIM provisioning, and IAM governance principles is required
  • Experience with SaaS contract management, supplier negotiations, and license lifecycle management (renewals, audits, cost optimization) is strongly preferred
  • Experience with cybersecurity operations: security log monitoring (M365, Google Workspace), DLP configuration, and incident response is strongly preferred
  • IAM or security certifications are an asset: Microsoft SC-300 (Identity & Access Administrator), SC-900, Google Workspace Administrator, CompTIA Security+, or equivalent
 

🎁 Our benefits : 
 
• An international group present throughout the world
• Multidisciplinary entities that are experts in their field: programmatic, influence, 360°, content creation, etc.
• Different career paths adapted to your professional aspirations
• On-going training sessions with a Digital AcademyAccess.
• Employee meal allowance
 
Biggie Group offers employment opportunities without distinction of origin, sex, morals, sexual orientation, gender identity, age, marital status, physical appearance, disability, religion, of political opinion…Biggie Group complies with regulations combating discrimination in business. This policy applies throughout the employer process: recruitment, hiring, internal promotion, leave, remuneration and training.