Specialist Identity & Access Management - SAP Security and Controls

o Support user lifecycle management processes, including joiner, mover, and leaver (JML) workflows and automation.
o Saviynt Risk and Compliance capabilities, including Segregation of Duties (SoD) analysis, Critical Action monitoring, access certifications, and audit evidence generation.
o Direct and participate in unit testing, and support end-to-end functional validation of integrations and automation workflows.

SAP Access Security
o Design, build, unit test, and deploy SAP roles, translating functional business requirements into security technical role designs.
o Demonstrate comprehensive knowledge of various SAP security role types and authorization concepts.
o Possess hands-on experience with SAP Fiori Spaces and Pages.
o Utilize SAP Change Request Management (ChaRM) to manage security transports across SAP landscapes.
o Support security role design, modification, and lifecycle maintenance across multiple SAP platforms, modules, and SaaS and PaaS applications, including:
o SAP Analytics Cloud
o SAP Business Technology Platform (BTP)
o SAP Cloud ALM
o SAP Cloud Identity Services
o SAP Datasphere
o SAP Enable Now
o SAP HANA Databases
o SAP Integrated Business Planning (IBP)
o SAP Signavio
o Vertex
o Demonstrate a strong understanding user provisioning process in multiple SAP platforms and SaaS and PaaS applications, perform manual user provisioning steps when automated solutions are unavailable.
o Ensure SAP roles are free of unmitigated segregation of duties conflicts or critical action risks and align with least-privilege principle.
o Troubleshoot access issues, analyze authorization failures, and resolve security conflicts.
o Provide application security support for both on-premises SAP environments and SAP RISE solutions.
o Participate in testing cycles to validate access changes, role updates, and remediation activities.
o Possess hands-on experience with SAP Cloud Identity Services, including user authentication and user provisioning for SaaS and PaaS applications.

Communications, Collaboration and Support
o Collaborate closely with technical, functional, data, risk, and control teams across SAP and IAM initiatives.
o Communicate effectively with both technical and non-technical stakeholders, clearly explaining security concepts, design decisions, and recommendations.
o Manage incoming requirements, competing priorities, and deadlines using strong organizational and planning skills.
o Provide regular status updates, identify risks and roadblocks, and propose mitigation strategies.
o Support end-user acceptance testing (UAT) and regression testing activities.
o Maintain current process documentation, control narratives, and audit evidence for assigned IAM controls.
o Contribute to the continuous improvement of IAM compliance procedures, templates, validation checklists, and operational standards.
o Promote knowledge sharing within the IAM team to strengthen audit readiness and control maturity.

Working Conditions

The role operates under standard office working conditions, with a regular 8 hour day (8.30am - 5pm EST), and workweek from Monday to Friday. Due to the nature of the responsibilities, the incumbent must be able to meet tight deadlines, manage competing priorities, engage with multiple stakeholders and leaders, and work effectively under pressure. Minimal travel may be required (up to 10%) within Canada. Holidays follow Quebec statutory standards.

Requirements

Experience

o Minimum 5 - 7 years of experience in Identity & Access Management, Application Security, IAM Integrations and SAP Cloud Identity Services
o Minimum 5 years of experience in SAP Application role design
o Experience with SAP Migrations (Greenfield and Brownfield) as well as RISE Migrations a plus

Education/Certification/Designation

o Bachelor's Degree in Computer Science, Information Systems, or an equivalent combination of education and relevant work experience.

Competencies

o Adapt to evolving requirements and unexpected challenges within a fast-paced SAP program environment.
o Communicates with impact across diverse audiences.
o Demonstrates accountability and ownership for deliverables.
o Exercises sound judgment in identifying, managing, and escalating risks.
o Results-oriented, with a strong focus on quality and timely delivery.
o Ability to manage multiple concurrent assignments of moderate complexity.
o Strong problem-solving skills, applying ingenuity and creativity.
o Detail-oriented with a strong quality mindset.
o Produces clear, concise documentation tailored to various audiences.
o Strong time management, prioritization, and organizational skills.
o Able to think and act decisively under pressure.
o Works effectively with limited supervision while demonstrating a sense of urgency.
o Capable of resolving complex security issues through research and technical investigation.
o Demonstrates strong teamwork and collaboration skills, adapting communication style as needed.

Technical Skills/Knowledge

o Application security knowledge across SAP ABAP and Fiori, SAP Cloud Applications, SAP Cloud Identity Services, SAP HANA, and SAP RISE environments.
Strong functional and integration knowledge of Saviynt.
o Integration experience with ServiceNow, Active Directory, enterprise portals, RPA solutions, MFA, and SSO platforms
o Experience integrating SAP systems with third-party applications.
o Solid understanding of SOX requirements, ITGC frameworks, and audit methodologies related to access management.
o Knowledge of IAM processes, including user lifecycle management, provisioning, deprovisioning, and recertification.
o Familiarity with IAM tools, enterprise systems, and access governance principles.
o Strong analytical skills to identify, assess, and mitigate security risks.

About CN
CN is a premium railroad that sustainably generates value for our customers, shareholders, employees, and stakeholders with an unwavering commitment to safety and service. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. CN's network connects Canada's Eastern and Western coasts with the U.S. South through a 20,000-mile rail network. CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN powers the North American economy and is committed to programs supporting social responsibility and environmental stewardship.
At CN, we are dedicated to building North America's safest, most inclusive and sustainable railroad, which includes reflecting the communities in which we operate. Research shows that candidates often don't apply unless they feel they fit the job posting at 100%. To all potential applicants, even if you don't meet every job requirement listed in a posting, we still encourage you to apply. If you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations), please get in touch with our team at cnrecruitment@cn.ca.
As an equal opportunity employer, qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, and other protected status as required by applicable law.
Please monitor your email on a regular basis as communication to applicants is done via email.

Client-provided location(s): Varennes, Canada

Job ID: CN-17016

Employment Type: OTHER

Posted: 2026-05-08T18:59:47