Security Analyst - Security & Governance Compliance
Listed on 2026-06-26
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
Some of what you will do:
The Security Analyst, Security Risk & Compliance will support the management and continuous improvement of Staples Canada’s PCI compliance program and broader cybersecurity risk activities. This role will work closely with cybersecurity, technology, audit, and business stakeholders to coordinate PCI compliance tasks, gather evidence, track remediation activities, support security projects, and help business teams understand PCI and cyber‑risk requirements.
- Support the development, review, approval, communication, and refresh of information security and risk management policies.
- Maintain policy repositories and assist with governance reporting, metrics, and committee materials.
- Participate in enterprise and IT risk assessments, including risk identification, scoring, documentation, and mitigation tracking.
- Support risk workshops, maintain risk registers, and follow up on remediation activities with business and technology teams.
- Support compliance programs aligned to frameworks such as SOC 1/SOC 2, ISO/IEC 27001, PCI DSS, NIST CSF, and NIST 800‑53.
- Assist with audits, evidence collection, control testing, issue tracking, and security/compliance inquiries.
- Support vendor risk assessments, evidence reviews, issue tracking, and coordination with procurement, legal, and security teams.
- Identify opportunities to improve GRC processes, documentation, tooling, and support GRC platform maintenance.
- Office environment.
- May require limited travel.
- May require evening and weekend work based on business requirements.
- Diploma or degree in cybersecurity, IT, computer science, risk management, or a related field; equivalent experience may be considered.
- 2–4 years of experience in cybersecurity, IT risk, compliance, audit, or technology.
- Experience supporting assessments, audits, control testing, compliance activities, and evidence collection.
- Basic understanding of cybersecurity risk, compliance, and frameworks such as PCI DSS, NIST CSF, ISO 27001, SOC 2, or CIS Controls.
- Strong documentation, analytical, communication, and stakeholder coordination skills.
- Ability to track risks, issues, action items, remediation plans, and compliance evidence.
- Experience with tools such as Microsoft Office, SharePoint, Teams, ServiceNow, Jira, or Confluence; retail, payment, PCI, or relevant certifications are assets.
- Associate discount
- Health and dental benefits
- RRSP/DPSP
- Performance bonuses
- Learning & development programs
- And more…
Staples Canada is continuously working towards creating an inclusive and diverse work environment. We welcome, value and thrive on perspectives and contributions from backgrounds that vary by race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion or physical ability. If you have a disability or special need that requires accommodation, please let us know.