Job Description
Some of what you will do:
The Security Analyst, Security Risk & Compliance will support the management and continuous improvement of Staples Canada’s PCI compliance program and broader cybersecurity risk activities. This role will work closely with cybersecurity, technology, audit, and business stakeholders to coordinate PCI compliance tasks, gather evidence, track remediation activities, support security projects, and help business teams understand PCI and cyber-risk requirements.
Specifically, You Will
Governance & Policy Management
- Support the development, review, approval, communication, and refresh of information security and risk management policies.
- Maintain policy repositories and assist with governance reporting, metrics, and committee materials.
Risk Management
- Participate in enterprise and IT risk assessments, including risk identification, scoring, documentation, and mitigation tracking.
- Support risk workshops, maintain risk registers, and follow up on remediation activities with business and technology teams.
Compliance & Assurance
- Support compliance programs aligned to frameworks such as SOC 1/SOC 2, ISO/IEC 27001, PCI DSS, NIST CSF, and NIST 800-53.
- Assist with audits, evidence collection, control testing, issue tracking, and security/compliance inquiries.
Third-Party Risk Management
- Support vendor risk assessments, evidence reviews, issue tracking, and coordination with procurement, legal, and security teams.
- Identify opportunities to improve GRC processes, documentation, and tooling, and support GRC platform maintenance.
Physical Environment/Working Conditions
- Office environment.
- May require limited travel.
- May require evening and weekend work based on business requirements.
Some Of What You Need
- Diploma or degree in cybersecurity, IT, computer science, risk management, or a related field; equivalent experience may be considered.
- 2–4 years of experience in cybersecurity, IT risk, compliance, audit, or technology.
- Experience supporting assessments, audits, control testing, compliance activities, and evidence collection.
- Basic understanding of cybersecurity risk, compliance, and frameworks such as PCI DSS, NIST CSF, ISO 27001, SOC 2, or CIS Controls.
- Strong documentation, analytical, communication, and stakeholder coordination skills.
- Ability to track risks, issues, action items, remediation plans, and compliance evidence.
- Experience with tools such as Microsoft Office, SharePoint, Teams, ServiceNow, Jira, or Confluence; retail, payment, PCI, or relevant certifications are assets.
Some Of What You Will Get
- Associate discount
- Health and Dental benefits
- RRSP/DPSP
- Performance bonuses
- Learning & Development programs
- And more…
About Us
We value transparency in our hiring processes. Please note that artificial intelligence may be used in certain stages to screen, assess, or select applicants; however, a human reviewer makes all final decisions. This posting is for an existing vacancy.
About The Team
At Staples Canada we are dynamic, inspiring partners to our customers and the communities in which we live. As The Working and Learning Company, we inspire people to work smarter, learn more and grow every day. We’re looking for curious, approachable, and passionate individuals who love finding solutions. If that’s you, let’s work, learn, and grow together.
We are building an inclusive and diverse team
Staples Canada is continuously working towards creating an inclusive and diverse work environment. We welcome, value and thrive on perspectives and contributions from backgrounds that vary by race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion or physical ability. If you have a disability or special need that requires accommodation, please let us know.