Information Systems Audit Manager

Join CPKC, North America’s first transnational railroad connecting U.S., Canada, and Mexico, where your career drives progress and safety is paramount. We connect communities, fuel economic growth, and provide meaningful work in a culture that values diversity, accountability, and pride. With opportunities for training, development, and advancement, you’re not just building a career—you’re part of something bigger. Together, we move goods, connect people, and create lasting change. Your future starts here.

As the IS Audit Manager, you’ll play a critical role in safeguarding CPKC’s technology landscape by leading complex audits that span cybersecurity, IT governance, cloud security, and industrial control systems. You’ll shape and enhance our IS audit program, delivering insights and recommendations that strengthen controls, mitigate risks, and support the modernization of our internal audit function. This is a high-impact leadership opportunity where your expertise will influence strategic decisions, protect critical infrastructure, and ensure resilience across a rapidly evolving digital environment.

• Support the development and implementation of a risk-based IS audit plan to provide CPKC Management and the Board of Directors with an independent, objective assessment of the design and operating effectiveness of information system controls
• Conduct risk-based planning, fieldwork, reporting, and supervision of IS audit and advisory engagements
• Complete engagements effectively within scope and budget, in accordance with established standards and IT frameworks
• Perform root cause analysis for non-compliance and other audit observations, and provide value-added recommendations and management insights
• Present audit reports to management at various levels and obtain clear action plans that address identified business risks
• Communicate results through strong presentation, negotiation, and report‑writing skills, and support an effective follow‑up program to ensure timely corrective action on risk exposures
• Follow up with management on action plans to ensure they adequately address risks; participate in developing the annual audit plan and maintaining the IS audit universe
• Maintain objectivity and independence while fostering positive, professional relationships with management

• University degree in Computer Science, Information Systems, or another relevant field required
• Minimum of 8 years in Technology and 5 years in Audit/Risk experience
• Proven experience leading large IS audits and projects in the specialized IS areas noted above, with strong results delivered
• CISA certification is required; CISSP, CISM, and CIA certifications are considered an added advantage.
• Experience using NIST 800-53, NIST Cybersecurity Framework, Center for Internet Security (CIS), ISO 27001/2, COBIT, ITIL, and CMMI for various audits
• Expert knowledge of IT Risk Management practices and strong business acumen, including applying advanced analytics aligned with modernized audit principles and techniques
• Understanding of the rail industry would be considered an asset

• Flexible and competitive benefits package
• Competitive company pension and/or retirement plans
• Employee share purchase plan
• Performance incentive plan
• Annual fitness subsidy

• Criminal history check
• Education verification
• Professional references

As an employee with a North American presence, the possibility does exist that the location of your position may be changed based on organizational requirements.

Becoming a qualified conductor or locomotive engineer is the single best way for a management employee to learn the business at CPKC. You may be required to obtain a certification or to maintain your current certification/qualification as a conductor or locomotive engineer.

For our U.S. applicants, CPKC is an equal opportunity/affirmative action employer, inclusive of protected veterans and individuals with disabilities. For Canadian applicants CPKC is an employment equity employer committed to the principles of employment equity and inclusion. We encourage all qualified candidates to apply including: women, Black, Indigenous, People of Color (BIPOC), members of the LGBTQ+ community and people with disabilities. Accommodations for the job application process can be provided, as appropriate, upon request. All applicant information will be managed in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA).