Security Analyst - Security & Governance Compliance
Staples
Some of what you will do
The Security Analyst, Security Risk & Compliance will support the management and continuous improvement of Staples Canada’s PCI compliance program and broader cybersecurity risk activities. This role will work closely with cybersecurity, technology, audit, and business stakeholders to coordinate PCI compliance tasks, gather evidence, track remediation activities, support security projects, and help business teams understand PCI and cyber-risk requirements.
Governance & Policy Management
Support the development, review, approval, communication, and refresh of information security and risk management policies.
Maintain policy repositories and assist with governance reporting, metrics, and committee materials.
Risk Management
Participate in enterprise and IT risk assessments, including risk identification, scoring, documentation, and mitigation tracking.
Support risk workshops, maintain risk registers, and follow up on remediation activities with business and technology teams.
Compliance & Assurance
Support compliance programs aligned to frameworks such as SOC 1/SOC 2, ISO/IEC 27001, PCI DSS, NIST CSF, and NIST 800-53.
Assist with audits, evidence collection, control testing, issue tracking, and security/compliance inquiries.
Third-Party Risk Management
Support vendor risk assessments, evidence reviews, issue tracking, and coordination with procurement, legal, and security teams.
Identify opportunities to improve GRC processes, documentation, and tooling, and support maintenance of the GRC platform.
Physical Environment/Working Conditions
Office environment.
May require limited travel. May require evening and weekend work based on business requirements.
Some of what you need
Diploma or degree in cybersecurity, IT, computer science, risk management, or a related field; equivalent experience may be considered.
2–4 years of experience in cybersecurity, IT risk, compliance, audit, or technology.
Experience supporting assessments, audits, control testing, compliance activities, and evidence collection.
Basic understanding of cybersecurity risk, compliance, and frameworks such as PCI DSS, NIST CSF, ISO 27001, SOC 2, or CIS Controls.
Strong documentation, analytical, communication, and stakeholder coordination skills.
Ability to track risks, issues, action items, remediation plans, and compliance evidence.
Experience with tools such as Microsoft Office, SharePoint, Teams, ServiceNow, Jira, or Confluence; retail, payment, PCI, or relevant certifications are assets.
Some of what you will get
Associate discount
Health and Dental benefits
RRSP/DPSP
Performance bonuses
Learning & Development programs
And more…
#MakeAnImpact
We value transparency in our hiring processes. Please note, artificial intelligence may be used in certain stages to screen, assess, or select applicants, however, a human reviewer makes all final decisions. This posting is for an existing vacancy.