Senior Director, Cybersecurity & Risk Management

Job Overview

Senior Director, Cybersecurity & Risk Management is responsible for designing, governing, and executing the enterprise‑wide security and risk strategy that protects company assets, data, customers, and brand across business‑to‑business and business‑to‑customer lines of business. Operating as a senior leader within the Office of the Chief Information Officer, this role serves as the most senior security position in the enterprise, leading cyber defense, regulatory and standards compliance, risk management, privacy alignment, vendor audits, Payment Card Industry compliance, and business resilience.

The director partners closely with Technology, Legal/Privacy, Product, and Go‑to‑Market teams to embed “security‑by‑design” and “risk‑aware” decision‑making across the organization.

• Define and execute a multi‑year cybersecurity and risk strategy aligned with business goals and regulatory requirements.
• Lead the enterprise risk program, including identification, assessment, and continuous monitoring of technology risks.
• Manage third‑party/vendor risk through due diligence, contractual requirements, and ongoing oversight.
• Oversee audits, certifications, and compliance with regulatory obligations, including Payment Card Industry.
• Direct security operations for threat monitoring, detection, and response.
• Coordinate incident response plans and act as executive lead during major events.
• Advance Development, Security, and Operations practices and enforce secure software development lifecycle requirements.
• Deliver on cyber security and risk plans by actively driving initiatives with urgency and accountability; this role is more than building policies and frameworks.

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field;
  Master’s degree preferred in Business Administration or Information Security.
• Relevant certifications strongly preferred, such as CISSP, CISM, CCSO, CISA, LCSA, or equivalent.
• 10–12 years of progressive experience in cybersecurity, technology risk, or related fields; 5–7 years leading multi‑disciplinary security teams.
• Proven track record establishing or maturing security programs and achieving external certifications/attestations.
• Experience supporting enterprise business‑to‑business consumer/business‑to‑customer environments.
• Expertise in relevant cyber security standards (e.g., NIST, PCI‑DSS, PIPEDA, SOC 2, ISO’s, privacy legislation).
• Experience with Microsoft Active Directory and Identity and Access Management is a strong asset.
• Previously demonstrated experience in leading cybersecurity and risk management.

Office environment – Hybrid, 4 days a week in the Richmond Hill office, Monday to Thursday.

• Associate discount
• Health and Dental benefits
• RRSP/DPSP
• Performance bonuses
• Learning & Development programs
• And more…

We value transparency in our hiring processes. Please note, artificial intelligence may be used in certain stages to screen, assess, or select applicants; however, a human reviewer makes all final decisions. This posting is for an existing vacancy.

At Staples Canada we are dynamic, inspiring partners to our customers and the communities in which we live. As The Working and Learning Company, we inspire people to work smarter, learn more and grow every day. We’re looking for curious, approachable, and passionate individuals who love finding solutions. If that’s you, let’s work, learn, and grow together.

Staples Canada is continuously working towards creating an inclusive and diverse work environment. We welcome, value and thrive on perspectives and contributions from backgrounds that vary by race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion or physical ability. If you have a disability or special need that requires accommodation, please let us know.