Specialist Identity Access Management - SAP Security and Controls At CN, everyday brings new and exciting challenges. You can expect an interesting environment where you’re part of making sure our business is running optimally and safely, helping keep the economy on track. We provide the kind of paid training and opportunities that long-term careers are built on and we recognize hard workers who strive to make a difference. You will be able to thrive in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us! Job Summary This role requires a IAM specialist with strong expertise in Saviynt and SAP Security. The Specialist will contribute across two primary domains: Saviynt access automation , and SAP role-based access control (RBAC). Successful execution of this role requires close collaboration with business, project, and IT teams to deliver secure, compliant, and scalable access solutions. The Specialist acts as a trusted subject matter expert, leading hands-on design and execution activities, validating outcomes, supporting project delivery, and actively sharing knowledge with project and operational teams. Main Responsibilities Saviynt Access Automation Integrations o Serve as a trusted authority on Saviynt IGA functionality, configuration, and enterprise integrations, providing guidance to technical and business stakeholders. o Design and monitor high‑quality integrations between Saviynt and systems including ServiceNow, Active Directory, SaaS and PaaS applications, and on‑premise target systems. o Configure, maintain, and enhance identity integrations between SaaS/PaaS applications and SAP Cloud Identity Services, ensuring secure and reliable data flows. o Support user lifecycle management processes, including joiner, mover, and leaver (JML) workflows and automation. o Saviynt Risk and Compliance capabilities, including Segregation of Duties (SoD) analysis, Critical Action monitoring, access certifications, and audit evidence generation. o Direct and participate in unit testing, support end-to-end functional validation of integrations and automation workflows. SAP Security o Design, build, unit test, and deploy SAP roles, translating functional business requirements into security technical role designs. o Demonstrate comprehensive knowledge of various SAP security role types and authorization concepts, such as: o SAP Analytics Cloud o SAP Business Technology Platform (BTP) o SAP Cloud ALM o SAP Cloud Identity Services o SAP Datasphere o SAP HANA Databases o SAP Integrated Business Planning (IBP) o Demonstrate a strong understanding user provisioning process in multiple SAP platforms and SaaS and PaaS applications. o Troubleshoot access issues, analyze authorization failures, and resolve security conflicts. o Possess hands-on experience with SAP Cloud Identity Services, including user authentication and user provisioning for SaaS and PaaS applications. Communications, Collaboration and Support o Collaborate closely with technical, functional, data, risk, and control teams across SAP and IAM initiatives. o Communicate effectively with both technical and non‑technical stakeholders, clearly explaining security concepts, design decisions, and recommendations. o Manage incoming requirements, competing priorities, and deadlines using strong organizational and planning skills. o Maintain current process documentation. Experience o Minimum 4 years of experience in Identity Access Management, Application Security, IAM Integrations and SAP Cloud Identity Services o Minimum 5 years of experience in SAP Application role design o Experience with SAP Migrations (Brownfield) as well as RISE Migrations a plus Education/Certification/Designation o Bachelor’s Degree in Computer Science, Information Systems, or an equivalent combination of education and relevant work experience. Competencies o Adapt to evolving requirements and unexpected challenges within a fast‑paced SAP program environment. o Communicates with impact across diverse audiences. o Demonstrates accountability and ownership for deliverables. o Results‑oriented, with a strong focus on quality and timely delivery. o Ability to manage multiple concurrent assignments of moderate complexity. o Strong problem‑solving skills, applying ingenuity and creativity. o Detail‑oriented with a strong quality mindset. o Strong time management, prioritization, and organizational skills. o Works effectively with limited supervision while demonstrating a sense of urgency. o Demonstrates strong teamwork and collaboration skills, adapting communication style as needed. Technical Skills/Knowledge o Application security knowledge across SAP ABAP and Fiori, SAP Cloud Applications, SAP Cloud Identity Services, SAP HANA. Strong functional and integration knowledge of Saviynt. o Integration experience with ServiceNow, Active Directory and SSO platforms. o Experience integrating SAP systems with third‑party applications. o Strong understanding of SOX requirements. o Knowledge of IAM processes, including user lifecycle management, provisioning, deprovisioning, and recertification. o Familiarity with IAM tools , and access governance principles. About CN CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada’s Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 miles rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.