Cloud IAM Specialist GCP

Hi, we are Vodeno. We are innovators in the Banking-as-a-Service space. Our technology is cloud-native , and our teams work in the cloud like fish in water. Supported by a leading global equity firm and the ecosystem of nearly 90 partners, our Platform opens new opportunities for businesses across Europe to integrate financial products and services into their solutions. As part of the UniCredit Group, Aion Bank and Vodeno will accelerate their digital banking offer in strategic markets and will act as a sandbox for innovation for the wider UniCredit Group. Based on financial sector know-how and expertise in cloud technology, we provide a set-up of customer-facing and daily banking services which include: digital onboarding, accounts, cards, payments, and lending with a white-label mobile app channel access. We are defined by the following values: Client at the centre - we deliver value to our clients Curiosity - we want to know more Accountability - we deliver on our promises Collaboration - we can achieve more with others We are currently looking for Cloud IAM Specialist (GCP) ready to join our adventure. What you will be doing Role Summary The Cloud IAM Specialist ensures secure and compliant access management across all cloud environments in the bank. The role is essential for safeguarding workloads in GCP, managing service accounts, automating access workflows, and ensuring compliance with regulatory and internal security standards. Role Purpose The Cloud IAM Specialist is responsible for managing access rights within Google Cloud Platform (GCP) and Google Workspace, ensuring compliance with the principle of least privilege , internal security policies, and regulatory requirements (DORA, EBA, KNF).This role is critical for protecting banking systems in the cloud, controlling service accounts, and automating access provisioning and deprovisioning. Key Responsibilities 1. IAM Management in GCP and Google Workspace Maintain and enforce the least privilege principle across all environments. Design, implement, and review GCP IAM roles (predefined roles, custom roles). Perform regular access reviews and recertifications (users, groups, service accounts). Review and manage service account permissions, keys, and their rotation. Monitor IAM policy changes via Audit Logs and Cloud Asset Inventory. 2. Automation of Access Provisioning & Deprovisioning Build automation tools to support: granting and removing access, mass permission updates, compliance reporting, API-driven IAM workflows (Cloud Functions, Workflows, IAM API). Develop scripts to validate and enforce IAM policies at scale. 3. Security Monitoring and Control Identify permission risks, overprivileged accounts, and misconfigurations. Use tools such as IAM Recommender, Policy Analyzer, SCC. Support incident investigations related to access violations. Ensure compliance with: SSO SAML OAuth 2.0 JWT Zero Trust access 4. Audit and Compliance Support Provide access reports and evidence for internal and external audits (DORA, KNF, internal audit). Document IAM processes, controls, and exceptions. Participate in architecture and risk assessments related to cloud security. 5. Collaboration with Technical Teams Work closely with DevOps, Data, Platform Engineering, Workspace Admin, and Security Operations. Advise teams on IAM best practices for new services and migrations. Support secure design of access models for GCP workloads and Google Workspace integrations. Skills you should have Mandatory: Strong hands-on experience with GCP IAM (roles, permissions, service accounts, bindings). Proven experience managing access controls in cloud environments. Programming skills in Python, Shell and Google Apps Script . Working experience with Git and repository platforms (GitHub, GitLab, Bitbucket). Experience in Infrastructure as Code (IaC) Working experience with JIRA & Confluence Good understanding of Google Workspace Admin (groups, OUs, directory, policies). Knowledge of identity and authentication standards: SSO , SAML , OAuth 2.0 , JWT . Solid understanding of least privilege, zero trust, and cloud security best practices. Be familiar with GitOps Approach Nice to Have: Experience with Cloud Identity or GCP Identity Platform. Experience with automation IAM Processes Certifications such as: Google Cloud Security Engineer Google Cloud Professional Engineer GIAC Cloud Security CompTIA Security Experience working in financial or regulated environments. Soft Skills High attention to detail and analytical mindset. Strong sense of ownership and accountability. Strong prioritization & troubleshooting skills Ability to work in a regulated environment with audit exposure. Effective communication with technical and non-technical stakeholders. Problem-solving approach and willingness to challenge poor access practices. What we offer You will get an opportunity to work in an innovative, digital bank applying state of the art approaches and technologies.You will be provided an Individual Development Budget , dedicated to enhancing your professional skills.If your role permits, we also offer flexible work location .You and your closest family will be covered with VIP-level private medical care which includes dental treatment and a hospitalisation package . We care for our colleagues' well being, therefore we cover psychological consultations if you ever feel you need such support. Aion bank account without fee. We co-sponsor your Multisport card and cover 50% of its cost. You will work on computer equipment that delivers the best user experience — Apple MacBook . Our office in Warsaw offers healthy snacks throughout the day. Our process We keep our recruiting process simple. Step 1: Talk with one of our Recruiters about your experience and ambitionsStep 2: Meet with your future team manager for a technical interview Step 3: Meet with Line Manager to discuss how we fit each other Our note to you Diverse teams really are the best teams. Research shows that some candidates may hesitate to apply for a job unless they meet every requirement. If you are excited about working with us, we encourage you to apply - even if you're not 100% sure. We are interested in getting to know you and learning about what you bring to the table.Please note that we may close a job posting early if we receive a large number of exceptional applications.Good luck Contact information You can contact us at recruiting@vodeno.com and we will be more than happy to help.