IT Security Administrator (Google Workspace) Implement 2FA, Industry-Standard Protections

What you'll do Google Workspace hardening (first 30 days) Enforce mandatory 2-Step Verification (MFA) across every account, standardizing on an authenticator app (TOTP) or hardware security keys (FIDO2) and phasing out SMS-based codes. Configure enforced enrollment so no user can access company data without MFA active. Build out least-privilege access: audit who has admin, who has access to what, and right-size every role using Organizational Units and custom admin roles. Implement password policy: minimum length/complexity, scheduled rotation (e.g. monthly), and reuse prevention. Set up Context-Aware Access / login challenges, session length limits, and geographic / device restrictions where appropriate. Lock down third-party app access and OAuth scopes (control which apps can connect to our Workspace data). Configure data loss prevention (DLP), email security (SPF, DKIM, DMARC), and external sharing controls for Drive. Ongoing security operations Monitor admin and login audit logs; set up alerts for suspicious activity. Manage the full employee lifecycle: secure onboarding (provisioning with correct permissions) and immediate, complete offboarding (revoking access everywhere). Maintain an inventory of connected SaaS accounts and apply the same MFA + least-privilege standards across them. Manage shared credentials and secrets safely (deploy and administer a password manager / vault for the team). Document policies and write simple guides so non-technical staff can follow security practices. Run periodic access reviews and a recurring security checkup. Must-have qualifications Hands-on experience administering Google Workspace as a Super Admin (Admin Console, OUs, admin roles, security settings). Proven track record enforcing MFA/2FA rollouts and least-privilege access models. Strong understanding of identity and access management (IAM), OAuth scopes, and SSO concepts. Familiarity with email authentication (SPF, DKIM, DMARC) and Drive sharing/DLP controls. Ability to translate security requirements into clear policies and train non-technical users. Nice to have Experience securing a multi-SaaS environment (Slack, Airtable, financial tools, etc.). Password manager / secrets vault administration (1Password, Bitwarden, etc.). Familiarity with security frameworks (NIST, CIS benchmarks, SOC 2 readiness). Scripting for automation (Google Apps Script, GAM, or similar) to manage users and audits at scale. Experience with endpoint / device management (MDM). How to apply Send a short note describing a Google Workspace environment you've secured: what state it was in, what you changed, and the result. Include your availability and rate.