Programmatic Analyst - Alternance (H/F/X)
biggie
Apprenticeship
IAM Specialist – Identity & Access Management (Part-Time) (M/F/X)
biggie· IT
About this role
Biggie is a global marketing agency for strategy and activation agency, part of Biggie group, an independent international group of integrated marketing solutions.
Biggie's motto is "Partners in growth", and its ambition is to be a partner in the growth of brands, by putting strategic and operational excellence at the service of their performance, and by offering them tailor-made support (marketing strategy, strategic planning, data & analysis, media, digital performance, content creation and adaptation, and business consulting) to meet their business challenges.
The agency has 300 experts, including 150 in France, present in 7 countries through 9 international offices (Paris, Marseille, Brussels, Milan, Geneva, Zurich, Prague, Dubai and Sao Paulo).
For further information: www.biggie.co
The IAM Specialist is responsible for governing identity and access across the organization’s entire digital ecosystem, including Google Workspace, Microsoft 365, and a portfolio of 100+ SaaS applications.
Beyond access governance, this role encompasses SaaS contract and license management (renewals, supplier negotiations, compliance audits), as well as active cybersecurity responsibilities: DLP policy enforcement, security log monitoring across Microsoft and Google platforms, and ensuring regulatory compliance across all managed applications.
🗒️ Missions
Access & Rights Management
Administer user identities and access rights across Google Workspace, Microsoft 365, and 100+ SaaS applications (ERP, CRM, HRIS, collaboration tools, productivity platforms, etc.)
Define and enforce role-based access control (RBAC) profiles and the principle of least privilege across the entire application portfolio
Manage access provisioning and deprovisioning in coordination with HR for onboarding, offboarding, and role changes across all 100+ applications
Manage privileged accounts, service accounts, and admin credentials with appropriate controls (PAM, MFA enforcement, credential vaulting)
Maintain a real-time access registry mapping users to application roles, document all provisioning and change decisions with full audit trail
Lead periodic access certification campaigns and user rights reviews across all platforms; detect, document, and remediate access anomalies
Access Revocation & Deletion
Disable and/or delete accounts promptly upon employee departure or role changes across all 100+ SaaS applications, Google Workspace, and Microsoft 365
Build and maintain automated deprovisioning workflows triggered by HR system events, ensuring zero-delay revocation of access rights
Ensure full traceability of deletions for audit and compliance purposes
Archive user data in accordance with data retention policies and GDPR requirements
Application Maintenance & Administration
Maintain an up-to-date inventory of all 100+ SaaS applications: owner, business purpose, user count, license tier, contract expiry, and security classification
Manage the full SaaS contract lifecycle: negotiate renewals, track contract terms and SLAs, coordinate with suppliers, and ensure timely renewals to avoid service interruptions
Optimize license allocation across all applications: track actual usage vs. purchased seats, eliminate unused licenses, and rightsize subscriptions to reduce costs
Conduct supplier compliance audits and vendor due diligence (data processing agreements, GDPR compliance, security certifications) for all SaaS vendors
Evaluate and onboard new SaaS applications: security review, SSO/SCIM integration, access model design, and documentation before go-live
Maintain complete technical documentation for all managed applications: access models, integration maps, contract terms, and security controls
Google Workspace & Microsoft 365 Administration
Administer Google Workspace (user accounts, groups, organizational units, Drive sharing policies, OAuth app control, Admin Console) and Microsoft 365 (Entra ID, Exchange, Teams, SharePoint)
Configure and maintain SSO (Single Sign-On) and SCIM provisioning integrations between identity providers (Google) and SaaS applications to automate the user lifecycle
User Support & Stakeholder Relations
Handle all access requests escalated via the helpdesk: validate with line managers, provision or deny in accordance with security policies, and log every decision
Produce regular reporting on access activity, license utilization, contract renewals, and compliance status for IT management and stakeholders
Act as the primary point of contact for business units regarding application access, vendor relations, and SaaS tool governance
Collaborate with business teams and IT management to assess new SaaS tool requests, define access governance requirements, and prioritize integration work
Security & Compliance
Define, implement, and enforce IT security policies for all managed applications: MFA requirements, conditional access policies, data classification, and access control standards
Configure and operate Data Loss Prevention (DLP) policies within Microsoft Purview and Google Workspace to prevent unauthorized data exfiltration across SaaS platforms
Ensure GDPR compliance across all managed applications: data processing agreements with suppliers, data subject rights procedures, and data retention enforcement
Contribute to security audit recommendations and ensure remediation actions are tracked, implemented, and evidenced for internal and external auditors
Cybersecurity Operations & DLP
Validate the cybersecurity posture of all new SaaS applications prior to onboarding (SSO, MFA, data residency, DPA) and ensure secure offboarding (data deletion, credential revocation, audit evidence)
Run quarterly access recertification campaigns across all 100+ applications; engage application owners and managers to confirm, modify, or revoke access rights, and document remediation outcomes
Monitor and analyze Microsoft 365 security logs on a daily basis: Entra ID sign-in risk, conditional access failures, MFA anomalies, Microsoft Defender for Endpoint/Identity alerts, and Microsoft Purview DLP incidents
Monitor Google Workspace security logs: Admin Console audit trail, Alert Center events, login anomalies, Drive external sharing violations, OAuth token activity, and DLP rule triggers
Investigate and respond to security alerts across all monitored platforms; triage incidents, contain threats, and escalate confirmed security events to the IT Manager with full documentation
Administer endpoint security tools (WithSecure, HarfangLab EDR): review alerts, manage policy profiles, investigate suspicious detections, and ensure endpoint compliance across the device fleet
Produce monthly security reports covering log review findings, DLP incidents, open alerts, access anomalies, and remediation actions; maintain a security event register for audit purposes
Produce monthly or on-demand security reports summarizing log review findings, open alerts, access anomalies, and remediation actions taken; maintain a security event register
Reporting & Continuous Improvement
Maintain a consolidated SaaS application register and IAM dashboard; provide visibility to management on access posture, compliance status, and license spend
Identify and lead continuous improvement initiatives: automate repetitive IAM tasks, improve provisioning workflows, and reduce mean time to access provisioning and deprovisioning
Stay current on IAM, SaaS governance, and cybersecurity trends; propose adoption of tools and practices that improve the organization’s identity security posture
👉 Your Profile
Education
Bachelor’s to Master’s degree in Computer Science, Information Systems, Cybersecurity, or Network & Security
Equivalent qualifications accepted: IT Engineering degree, specialized IAM/cybersecurity training, or significant professional experience
Experience
Proven experience managing access across a large SaaS portfolio (50+ applications) in a multi-platform environment (Google Workspace, Microsoft 365, SaaS) is required
Solid knowledge of Active Directory, Azure AD / Entra ID, Google Workspace Admin, SSO (SAML, OIDC), SCIM provisioning, and IAM governance principles is required
Experience with SaaS contract management, supplier negotiations, and license lifecycle management (renewals, audits, cost optimization) is strongly preferred
Experience with cybersecurity operations: security log monitoring (M365, Google Workspace), DLP configuration, and incident response is strongly preferred
IAM or security certifications are an asset: Microsoft SC-300 (Identity & Access Administrator), SC-900, Google Workspace Administrator, CompTIA Security+, or equivalent
Frequently Asked Questions
Is the salary disclosed for the IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) position at biggie?
The salary for this IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) role at biggie is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) position at biggie located?
This IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) role at biggie is based in Prague. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Is the IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) role at biggie full-time or part-time?
This is listed as a Part Time position. It is posted as a IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) role in the IT department at biggie.
Which team or department does the IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) at biggie belong to?
This IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) position is part of the IT department at biggie. See the full job description for more information about the team structure and responsibilities.
How do I apply for the IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) position at biggie?
Click the "Apply Now" button on this page. You will be redirected to biggie's official application portal hosted on lever where you can submit your application directly.
When was the IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) job at biggie posted?
This IAM Specialist – Identity & Access Management (Part-Time) (M/F/X) position at biggie was posted on Apr 2, 2026. Apply as soon as possible — early applications are often reviewed first.
IAM Specialist – Identity & Access Management (Part-Time) (M/F/X)
biggie
You'll be redirected to biggie's official application page on Lever.