Google Workspace Security Architect

About The Position

Requirements

• Hands-on experience securing and administering Google Workspace environments, including security hardening and policy implementation.
• Strong background in identity and access management (IAM), privileged access reviews, MFA implementation, access governance, and user lifecycle management.
• Experience conducting cybersecurity assessments and creating remediation plans, risk registers, audit evidence packages, and security documentation.
• Familiarity with endpoint security controls, device management, and endpoint governance best practices.
• Excellent documentation, reporting, and communication skills with the ability to produce client-ready deliverables.
• Professional-level English communication skills with the ability to interact directly with stakeholders.

Nice To Haves

• Experience with Google Endpoint Management.
• Experience evaluating or working with Microsoft Intune, CrowdStrike, SentinelOne, and Microsoft Defender for Endpoint.
• Experience supporting cybersecurity compliance, audit preparation, or security gap remediation initiatives.
• Consulting or client-facing cybersecurity experience.
• Security certifications such as CISSP, CISM, Security+, Google Cloud Security, or related credentials.
• Experience working in professional services, advisory, or managed security environments.

Responsibilities

• Assess and harden Google Workspace security configurations, including MFA enforcement, administrator privilege reviews, security policies, sharing controls, audit logging, and third-party OAuth/application access.
• Conduct identity and access governance reviews, including user/group/admin access validation, privileged access reviews, MFA coverage assessments, OAuth/SSO application inventory reviews, and joiner/mover/leaver process evaluations.
• Develop and maintain cybersecurity documentation, including remediation plans, governance procedures, exception registers, evidence packages, quarterly access review templates, and executive-ready reports.
• Build and analyze endpoint inventories and assess security controls such as device encryption, patch management, local administrator rights, screen-lock policies, device enrollment, and offboarding/wipe procedures.
• Provide decision support and recommendations regarding endpoint management and security solutions, including Google Endpoint Management, Microsoft Intune, CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, and MSP/MSSP-managed models (decision support only; no tooling implementation required).
• Collaborate with project stakeholders while adhering to established documentation standards, confidentiality requirements, and quality review processes.