Job Description

At CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

The purpose of this role is to evaluate SAP related solutions, configurations, and designs against security requirements, and define cybersecurity reference architectures and standards for all SAP environments at CN. This role will also be involved in the definition of Cloud Security practices as well as other Security practices within CN.

Main Responsibilities

SAP Security Architecture Practice

• Put in place the proper sets of SAP security architecture controls to manage safety and security risk while enabling the business for technology systems
• Ensure the SAP security architecture is maintainable, sustainable, and properly documented

\xc2\xb7 Be proficient and experienced with SOX Controls in SAP Global Risk and Compliance Application

• Design and assess SAP GRC Access Control suite of programs, including user provisioning, segregation of duty management, emergency access, and role management
• Maintain and build relevant, current, valid, and reliable team knowledge related to SAP security architecture to leverage existing cybersecurity infrastructure and process, where appropriate, and drive configuration standards while supporting digital transformation in the I&T environment
• Facilitate key decisions involving SAP security architecture and technologies
• Advance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
• Ensure the full documentation of security designs, as built architectures and operational processes through clear diagrams and well-written documents (positions, patterns, and requirements)

SAP Security Roadmap and Strategy

• Collaborate with the CISO, Sr. Mgr. Cloud Security & DevSecOps Architecture, cybersecurity team, portfolio managers, other architects, and I&T leadership to understand the business direction and consequent impact on the security posture
• Define the proper course of action and investment strategy by building business cases and security roadmaps
• Engage the SAP ecosystem to understand capabilities and limitations to drive improvements in the security posture of current products, and assist in the selection of the right partners
• Engage the cybersecurity vendor ecosystem to understand capabilities, options for compensating controls and risk mitigations to facilitate the selection of partners that integrate with the overall architecture
• Continuously monitor and evaluate the environment through self-assessments and independent security reviews. Enable management to identify deficiencies and inefficiencies and to initiate improvement actions though security roadmap and strategies
• Working knowledge of segregation of duties within an SAP environment and able to design and build SAP roles accordingly

Working Conditions

Occasional business travel (Canada and US) in accordance with CN policy

Requirements

Experience

• Minimum 12 years overall work experience
• Minimum 8 years I&T experience
• Minimum 5 years experience in SAP security architecture
• Experience in SAP identity solutions implementation (SAP IDM, SAP cloud/BTP IAS, IPS)
• Experience in SAP Security reengineering to assess, simplify & reimplement security
• Proven experience in applying a structured approach to problem resolution in large, geographically dispersed organizations with 24/7 operations
• Experience in mapping Security for complex organizational needs for customers in authorization roles that represent the different end users job duties, titles/HR positions
• Multi-cloud experience including AWS, Azure, and Google Cloud Platform, an asset
• Railroad, transportation, or Global industrial experience is a significant asset

Education/Certification/Designation

• Bachelor\'s degree in Computer Science, Computer Engineering, Electrical Engineering, System Analysis, or another relevant field
• At least one recognized SAP security certification: e.g., SAP Certified Technology Professional - System Security Architect, SAP Certified Technology Associate - SAP System Security and Authorizations, SAP Certified Application Associate - Solution Architect for Customer Experience, etc.
• Architecture related certifications (TOGAF, Zachman, CISSP-ISSAP, etc.) asset

Competencies

• Ability to define and organize an architecture security apparatus in reusable building blocks: patterns, services, components, capability models, etc.
• Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement
• Ability to derive security requirements from vaguely formulated business needs
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent written and verbal communication skills
• Detail-oriented self-starter with a high level of commitment and personal motivation
• Knack for prioritizing tasks and working in a fast-paced environment

Technical Skills/Knowledge

• Strong knowledge of the processes, methodologies, tools, and techniques, used for building large information technology systems in private and public clouds
• Knowledge of standards, regulations and legislation governing Information Security, e.g., NIST, ISO 27001, OWASP
• Knowledge of general IT security architecture and technologies including: service-oriented-architectures, mobile technologies including Mobile Device Management (MDM), data-centric design, advanced analytics, AI, Identity and Access Management (IAM) lifecycles, Digital Forensics, End Point Protection, Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, IDS, IPS, Next Generation Firewalls, Application Firewalls, Enterprise Password Vaults, Cloud SaaS /PaaS/IaaS Security, SIEM, etc., an asset
• Understanding of securing APIs, OpenID Connect, OAuth an asset
• Understanding networking including SD-networks and service meshes, an asset
• Knowledge of container security concerns, especially with Kubernetes, an asset

As a leading North American transportation and logistics company, CN is a true backbone of the economy. With a team of approximately 25,000 railroaders, our focus is on moving both our company and the economy forward. We transport US$200 billion worth of goods annually for a wide range of business sectors from resource to manufactured products to consumer goods, across a 20,000-mile network spanning Canada and mid-America. CN is the only Canadian company listed in the Transportation and Transportation Infrastructure sector of the Dow Jones Sustainability World Index (DJSI). Launched in 1999, the DJSI World represents the gold standard for corporate sustainability. At CN, we work as ONE TEAM, focused on safety, sustainability, and our customers, providing operational and supply chain excellence to deliver results.

For internal candidates, note that the grade level of the position will depend on the employee\'s experience.

CN requires that all employees be fully vaccinated against COVID-19 and provide proof thereof as a condition of employment. The Company\'s vaccination mandate extends to employees of our wholly owned subsidiaries as well as CN\'s contractors, consultants, agents and suppliers and anyone who accesses CN properties in Canada.

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.

Canadian National Railway