Cloud IAM Techinicaian/Engineer

Job Title: Cloud IAM Technician Google Cloud Platform
Duration of project: 3 months Location: Flexible Remote
About the Role
We are seeking a skilled Google Cloud Platform (Google Cloud Platform) and Google Workspace (GWS) technical resource, with specialized experience in managing groups within GWS, as well as applying IAM policy for groups in Google Cloud Platform. You will build and maintain these IAM group structures, support related ticket workflows, and ensure precise access control matching business needs and company policies.
Key Responsibilities:
User Access Group (UAG) Management:

• Design, create, and maintain Google Cloud Platform IAM User Access Groups for granular control over user permissions.
• Use IAM roles, conditional policies, and nested group structures to streamline personnel onboarding, role changes, and offboarding.
• Work with ServiceNow ticketing system to process UAG membership change requests, conduct approval flows, and document resolutions.

Data Access Group (DAG) Management:

• Define and manage Data Access Groups associated with data products (e.g., BigQuery datasets, Google Cloud Storage (GCS) buckets, etc.).
• Assign DAGs proper IAM roles (e.g. BigQuery Data Viewer, Cloud Storage User, etc.)
• Process tickets requesting addition/removal from DAGs, ensuring data access reflects current business requirements and compliance needs.

Ticket Handling and Operational Workflow:

• Respond to and resolve tickets related to UAG/DAG creation, access review, and IAM-related Tasks.
• Perform root-cause analysis, remediate access misconfigurations, and escalate as needed.
• Maintain meticulous logs of ticket resolution steps, audit evidence, and stakeholder communications.

Required Qualifications:

• 3 5+ years in cloud IAM, identity management, or cloud operations.
• Hands-on experience designing and managing Groups in GWS, as well as applying IAM policy for the groups within Google Cloud Platform.
• Practical experience creating and managing GWS Groups tied to datasets, entry groups, or tagged resources; including tag-based IAM Conditions
• Familiarity with IAM roles such as `bigquery.dataEditor` and role-based access control patterns.
• Proficiency with Service now ticketing system and documented workflows.
• Scripting or IaC skills: Python, Terraform, gcloud, or equivalent tools.

Preferred:

• Google Cloud certifications (Professional IAM, Cloud Architect, or Professional Data Engineer).
• Experience with IAM Conditions and tag-based policies for attribute-driven access control.
• Familiarity with group nesting for owner-level UAG structures.
• Experience producing dashboards or reports for access governance and audits.

Additional Skills:

• Need minimum 3 years experience in an Identity and Access Management (IAM) role with Google Cloud.
• Google Cloud Platform IAM, 3-5 years
• Google Cloud certifications (Professional IAM, Cloud Architect, or Professional Data Engineer).
• Experience with IAM Conditions and tag-based policies for attribute-driven access control.
• Familiarity with group nesting for owner-level UAG structures.
• Experience producing dashboards or reports for access governance and audits.