Intern, Governance, Risk and Compliance

Canadian National Railway Company (CN) is looking for a highly motivated person to fulfill a full-time (40h/week) Intern, Governance, Risk and Compliance position in Montreal, QC from May- Aug 2025.

Job Summary

The Intern, Governance, Risk and Compliance (GRC) is responsible to execute the activities supporting the GRC framework and processes. The incumbent supports the GRC team in maintaining its security posture through governance, risk and compliance. The GRC team provides the Chief Information Security Office’s (CISO) primary leadership on maintaining, supporting, and operating the CN Information Security GRC framework, including information security classification, risk management processes, and security related policies. In addition, the GRC team communicates, oversees and supports security recommendations to meet business objectives, provides governance over control activities, and ensures adherence to regulatory and information security requirements.

Major Responsibilities Assist the GRC team to develop, maintain, and update security documentation such as policies, procedures, guidelines, standards, or requirements Process various security requests and intakes assigned to the GRC team Contribute to the documentation and follow-ups on issues related to security violations, policy and compliance exceptions, including recommendations for addressing any identifying control weaknesses Assist in the collection and processing of Cybersecurity metrics Requirements Follows safety procedures, information security instructions and Environmental, Social and Governance (ESG) principles to lead by example Inspires others with impactful communications and adapts to the audience Applies analytical thinking to make recommendations that pursue sustainable performance Knowledge of securing network technologies, client and server operating system and applications Knowledge of some Operational and Information Security Risk Management frameworks Knowledge of some industry cybersecurity frameworks Collaborates with key internal stakeholders to enable higher productivity Fluent in both written and verbal in English Fluent in both written and verbal in French* Education Working towards a Bachelor’s Degree in Information Security or Cybersecurity*

*Any experience/education/skills/knowledge for these above would be considered as an asset