Evidence Action Jobs in Quebec (NOW HIRING)

Specialist, Identity & Access Management - Audit and ComplianceJob Summary

The Specialist, Identity & Access Management (IAM) - Audit & Compliance is a subject matter expert responsible for the execution, validation, and continuous improvement of IAM SOX and audit-related controls. This individual contributor role focuses on ensuring the effectiveness, accuracy, and sustainability of access management controls through hands-on execution, second-line validation activities, and direct participation in internal and external audits. The Specialist acts as a trusted authority on assigned controls and processes, providing audit evidence, explaining control design and operation, and supporting risk mitigation initiatives. The role works closely with IAM peers, Governance, Risk & Compliance (GRC), and auditors to ensure compliance with regulatory requirements while strengthening the organization's overall security posture.

Main Responsibilities 

       Execute Identity & Access Management SOX controls in accordance with documented procedures and regulatory requirements.

       Own assigned IAM controls, ensuring consistent, accurate, and timely execution throughout the audit cycle.

       Prepare, validate, and maintain audit evidence to support internal and external audits.

       Explain control design, operating effectiveness, and supporting evidence to auditors and stakeholders.

       Identify control weaknesses, execution gaps, or documentation issues and escalate risks appropriately 

       Perform independent cross-validation of IAM colleagues' work to ensure completeness, accuracy, and compliance (second line of defense). 

       Support continuous improvement by identifying recurring issues and recommending process or control enhancements. 

       Serve as a subject matter expert during audit walkthroughs, testing, and issue remediation discussions.

       Collaborate with GRC, Internal Audit, External Audit, and IAM stakeholders to address audit requests and findings.

       Contribute to management action plans for control deficiencies and support remediation tracking. 

       Participate in projects by providing feedback and subjectmatter expertise, and support testing for new application integrations and IAM tool upgrades as required. 

       Maintain up-to-date process documentation, control narratives, and evidence standards for assigned IAM controls.

       Contribute to the refinement of IAM compliance procedures, templates, and validation checklists.

       Support knowledge sharing within the IAM team to strengthen audit readiness and control maturity.

Working Conditions

The role has standard working conditions in an office environment with a regular workweek from Monday to Friday. Due to the nature of the role, the incumbent must be able to meet tight deadlines, , manage competing priorities, and work effectively under pressure. The role requires minimal travel (up to 10%) within Canada.

Requirements

       Minimum 5-7 years of experience in Identity & Access Management, IT controls, audit, or compliance-focused roles.

       Demonstrated hands-on experience executing and supporting SOX or IT General Controls (ITGC), preferably in access management.

       Experience working directly with internal and/or external auditors, including evidence preparation and walkthroughs.

       Experience performing quality reviews or independent validation activities is a strong asset.

       Strong skills in evidence management, documentation quality, and audit traceability.

       Understanding of IAM processes, including user lifecycle management, access provisioning, deprovisioning, and recertification.

Education

       Bachelor's Degree in Computer Science, Information Systems or equivalent degree or work experience

       Certifications such as CISSP, CISA, CompTIA Security+, CIAM*

*Any designation for these above would be considered as an asset

Competencies

       Communicates with impact

       Collaborates with others and shares information

       Applies critical thinking

       Demonstrates accountability and ownership of deliverables

       Demonstrates sound judgment in risk identification and escalation

Technical Skills/Knowledge

       Deep understanding of SOX requirements, ITGC frameworks, and audit methodologies for access management controls.

       Ability to assess control design and operating effectiveness.

       Strong skills in evidence management, documentation quality, and audit traceability.

       Understanding of IAM processes, including user lifecycle management, access provisioning, deprovisioning, and recertification.

       Familiarity with IAM tools, enterprise systems, and access governance concepts.

       Fluently bilingual both written and verbal (English, French) *

*Any knowledge for any of the above would be considered as an asset

About CN 
CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada's Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network,CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.