Specialist Identity and Access Management (SAP)

  • Full Time
  • Toronto

Canadian National Railway

At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion.

From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM.

The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

The Specialist Identity and Access Management acts as a subject matter expert and provides guidelines on integration of new solutions into the IAM practice and tools.

The Specialist IAM will review existing processes and identify opportunities for improvement. This person will coordinate initiatives and projects for the team, working with internal and external partners.

Main Responsibilities

Process Management and Subject Expertise

· Provide subject matter expertise in the IAM domain.

· Organize committee meetings with stakeholders within the domain.

· Ensure IAM policies, standards and procedures are followed.

· Produce measures/metrics for the function.

· Ensure that auditing procedures and audit reports are executed on time.

· Review and assess operational processes to identify opportunities for improvement related to provisioning/de-provisioning, privileged access management, authentication/authorization, etc.

· Develop, review and maintain strategic and tactical IAM initiatives to reduce risk, increase usability and operational effectiveness.

· Lead and provide guidance in implementing complex IAM projects and overall ensure successful on-time implementations and deployments.

· Transition projects to core operations.

· Handle all core, projects and change requests within the domain; prioritize, analyze requests and engage required teams.

SAP Practice

· Design, build, test and deploy SAP roles with associated entitlements, translating functional requirements into technical design.

· Process SAP access requests and ensure appropriate approvals have been granted.

Assign roles to permit access to secured IT environments.

· Project integration involving SAP, AD, portal, cloud apps, connecting them to our IGA tool (Saviynt).

· Work with stakeholders to gather requirements needed for new SAP systems or applications integration within the IAM tools and processes.

· Support the implementation of SAP security for new implementations and upgrades.

· Provide technical assistance for issues related to SAP authorizations.

· Apply, and ensure compliance with all appropriate CN IT standards (e.g. Security, Architecture, Project Delivery Methodology, SOX etc.)

· Create and maintain accurate process documentation.

Organizational Impact

Decision Making & Impacts

The Specialist Identity and Access Management is a key player within I&T, controlling the quality of technology and services delivered into production.

The Specialist Identity and Access Management make recommendations to the business and I&T team members to assist in decision making (including during projects).

Level of Interaction/Influence

The Specialist interfaces directly with many key stakeholders of the organization such as: Change Management, Release Management, Build and Operations Teams, Business and End User, Process Managers and Analysts, Application Support teams, Information Security, Internal Audit and Human Resources.

Employees Supervised/Org.


· Individual Contributor



· Bachelor’s degree in Computer Science, Information Systems or other related field, or equivalent work experience

General Skills and Competencies

· Results oriented individual with an ability to deliver quality product in a timely manner.

· Ability to handle multiple and moderately sized assignments simultaneously.

· Competent at problem-solving through ingenuity and creativity.

· Detail oriented

· Good time management skills.

· Ability to prioritize between many important requests.

· Ability to organize.

· Ability to think and act under pressure.

· Strong teamwork and collaboration skills. Can adapt to the audience.

· Excellent verbal and written communication skills in both English and French.

Technical Skills/Knowledge

· Work experience within the IAM domain using an Identity and Governance application such as IBM Security Identity Manager (ISIM), Saviynt, SailPoint, etc.

· Good understanding of Identity & Access Management concepts and best practices with hands-on experience (ex: Access Certification, Provisioning/De-Provisioning, SSO, Privileged Access Management, Segregation of Duties)

· Experience with SAP authorization in environments such as ECC, Solution Manager, BW, Hana, GRC, Fiori.

More specifically:

· SAP ABAP & Fiori

o User Management, including SNC (SU01, SU10, EWZ5)

o Security roles (PFCG), Master/Derived and authorizations

o Fiori Catalogs, Fiori Groups and their management within security roles

o Management of security roles using transports (Solution Manager ChaRM)

· Cloud applications (BTP, IBP, SAC, Datasphere, Workzone, ABAP on Cloud, Cloud ALM, Signavio, EnableNow, Vertex)

o User management

o Security access/privileges (Role, Role Collections, Groups, etc.)

o User and access management in BTP Cloud Foundry, Space and SAP HANA Cloud

· Cloud Identity Services

o Understanding of the Authentication and provisioning mechanisms of connected applications

o User Management

o User Groups

· HANA Database

o User Management

o Security roles (catalog, repository)


· Minimum 7 years of relevant work experience

o Minimum 5 years experience in Identity and Access Management

· Work experience within the SAP Security domain


· Experience with SAP HR authorizations security

· eCATT scripts

Working Conditions

This role will require off-hour support on a rotational basis.

About CN
CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year.

As the only railroad connecting Canada’s Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship.

At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.

For internal candidates, note that the grade level of the position will depend on the employee’s experience.

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted.

Please monitor your email on a regular basis, as communication is primarily made through email.