Senior IT Audit Advisor, Information and Technology

at  Canadian National Railway

At CN, everyday brings new and exciting challenges. You can expect an interesting environment where you’re part of making sure our business is running optimally and safely―helping keep the economy on track. We provide the kind of paid training and opportunities that long-term careers are built on and we recognize hard workers who strive to make a difference. You will be able to thrive in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!
Job Summary
The Senior Audit Advisor, Information and Technology (I&T)is responsible for assisting the Internal Audit team in accomplishing its objectives by bringing a systematic and focused approach to evaluate and improve the effectiveness of CN’s governance, risk management, and internal control.

Main Responsibilities

• Lead I&T and special audit projects to mitigate the company’s information, cyber and operational technology risks
• Plan and develop audit programs and perform audit projects based on a risk assessment approach
• Evaluate system risks, controls, and residual exposure for existing systems and processes
• Identify opportunities for improvement designed to add value and improve the organization’s operations
• Provide accurate, timely, clear, and concise audit results to Management
• Develop action plans with Management that remedy the risks in an acceptable time frame
• Follow-up and report progress on achieving strategic goals defined in the Management Action Plan
• Improve the audit process through innovation
• Keep abreast of new auditing techniques and technologies
• Perform testing of key I&T controls over financial reporting

Working Conditions
The role has standard working conditions in an office environment with a regular workweek from Monday to Friday. Due to the nature of the role, the incumbent must be able to meet tight deadlines, handle pressure, and stress.
Requirements
Experience

Internal Audit

• Between 3 to 5 years of experience in internal audit in a medium to large-sized organization
• Minimum 5 years of experience in Information or Operational Technology Security

o Experience working with the established cybersecurity standards and frameworks
o Experience leading and managing compliance and advisory audit projects
o Experience with data analytics and data visualization tools*
*Any experience for these above would be considered as an asset

Education/Certification/Designation

• Master’s in Business Administration or a Bachelor’s Degree in Computer Sciences, Information Systems, or equivalent
• Possess at least one of the following security certifications: Certified Information System Security Professional (CISSP), Certified Information System Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information System Control (CRISC)

Competencies

• Identifies potential safety and security risks
• Collaborates with others and shares information
• Sets direction and inspires others
• Communicates with impact
• Demonstrates agility and drives change
• Knows the business and stays current on industry needs
• Applies critical thinking
• Solves problems to create value

Technical Skills/Knowledge

• Knowledge of auditing procedures and risk assessment
• Excellent knowledge of I&T best practices and frameworks (e.g., Control Objectives for Information Technologies (COBIT) and Information Technology Infrastructure Library (ITIL))
• Knowledge of Committee of Sponsoring Organizations of the Treadway Commission (COSO)
• Knowledge of Sarbanes Oxley (SOX)*
• Fluently bilingual both written and verbal (English, French)*

*Any knowledge for any of the above would be considered as an asset
About CN
CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada’s Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.
At CN, we are dedicated to building North America’s safest, most inclusive and sustainable railroad, which includes reflecting the communities in which we operate. Research shows that candidates from underrepresented groups often don’t apply unless they feel they fit the job posting at 100%. Even if you don’t see yourself in every job requirement listed in a posting, we still encourage you to apply. If you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations), please reach out to our team at cnrecruitment@cn.ca.
As an equal employment opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, and other protected status as required by applicable law. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.

• Lead I&T and special audit projects to mitigate the company’s information, cyber and operational technology risks
• Plan and develop audit programs and perform audit projects based on a risk assessment approach
• Evaluate system risks, controls, and residual exposure for existing systems and processes
• Identify opportunities for improvement designed to add value and improve the organization’s operations
• Provide accurate, timely, clear, and concise audit results to Management
• Develop action plans with Management that remedy the risks in an acceptable time frame
• Follow-up and report progress on achieving strategic goals defined in the Management Action Plan
• Improve the audit process through innovation
• Keep abreast of new auditing techniques and technologies
• Perform testing of key I&T controls over financial reportin