Job Description
Some of what you will do:
The Senior Director, Cybersecurity & Risk Management is responsible for designing, governing, and executing the enterprise-wide security and risk strategy that protects company assets, data, customers, and brand across business-to-business and business-to-customer lines of business. Operating as a senior leader within the Office of the Chief Information Officer, this role serves as the most senior security position in the enterprise, this role leads cyber defense, regulatory and standards compliance, risk management, privacy alignment, vendor audits, Payment Card Industry compliance, and business resilience, ensuring that security practices enable growth, support innovation, and meet contractual, regulatory, and customer expectations. The Senior Director partners closely with Technology, Legal/Privacy, Product, and Go-to-Market teams to embed “security-by-design” and “risk-aware” decision-making across the organization.
Specifically, You Will
- Define and execute a multi-year cybersecurity and risk strategy aligned with business goals and regulatory requirements.
- Lead the enterprise risk program, including identification, assessment, and continuous monitoring of technology risks.
- Manage third-party/vendor risk through due diligence, contractual requirements, and ongoing oversight.
- Oversee audits, certifications, and compliance with regulatory obligations, including Payment Card Industry
- Direct security operations for threat monitoring, detection, and response.
- Coordinate incident response plans and act as executive lead during major events.
- Advance Development, Security, and Operations practices and enforce secure software development life cycle requirements.
- Deliver on cyber security and risk plans by actively driving initiatives with urgency and accountability; this role is more than building policies and frameworks
Some Of What You Need
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field; Master’s degree preferred in Business Administration, Information Security
- Relevant certifications strongly preferred, such as Certified Information Systems Security Professional, Certified Information Security Manager, Certified Chief Information Security Officer, Certified Information Systems Auditor, Risk and Information Systems Control, or equivalent
- 10–12 years of progressive experience in cybersecurity, technology risk, or related fields; 5–7 years leading multi-disciplinary security teams.
- Proven track record establishing/maturing security programs and achieving external certifications/attestations.
- Experience supporting enterprise business-to-business consumer/ business-to-customer environments.
- Expertise in relevant cyber security standards (National Institute of Standard Technology) and applicable Canadian and Retail regulations (such as Payment Card Industry Data Security Standard, Personal Information Protection and Electronic Documents, Service Organization Control 2, International Organization for Standardization standards, Privacy legislation)
- Experience with Microsoft Active Directory and Identity and Access Management is a strong asset.
- Previously demonstrated experience in leading cybersecurity and risk management.
Physical Demands/working Conditions
Office environment – Hybrid, 4 days a week in the Richmond Hill office, Monday to Thursday
Some Of What You Will Get
- Associate discount
- Health and Dental benefits
- RRSP/DPSP
- Performance bonuses
- Learning & Development programs
- And more…
About Us
We value transparency in our hiring processes. Please note, artificial intelligence may be used in certain stages to screen, assess, or select applicants, however, a human reviewer makes all final decisions. This posting is for an existing vacancy.
About The Team
About the Team
At Staples Canada we are dynamic, inspiring partners to our customers and the communities in which we live. As The Working and Learning Company, we inspire people to work smarter, learn more and grow every day. We’re looking for curious, approachable, and passionate individuals who love finding solutions. If that’s you, let’s work, learn, and grow together.
We are building an inclusive and diverse team
Staples Canada is continuously working towards creating an inclusive and diverse work environment. We welcome, value and thrive on perspectives and contributions from backgrounds that vary by race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion or physical ability. If you have a disability or special need that requires accommodation, please let us know.
