Security Analyst - Security & Governance Compliance
Job in
Richmond Hill, Ontario, Canada
Listed on 2026-07-07
Listing for:
TVET College
Full Time
position Listed on 2026-07-07
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
Job Description & How to Apply Below
Trending
Job Description
Some of what you will do:
The Security Analyst, Security Risk & Compliance will support the management and continuous improvement of Staples Canada’s PCI compliance program and broader cybersecurity risk activities. This role will work closely with cybersecurity, technology, audit, and business stakeholders to coordinate PCI compliance tasks, gather evidence, track remediation activities, support security projects, and help business teams understand PCI and cyber-risk requirements.
Governance & Policy Management
Support the development, review, approval, communication, and refresh of information security and risk management policies.
Maintain policy repositories and assist with governance reporting, metrics, and committee materials.
Participate in enterprise and IT risk assessments, including risk identification, scoring, documentation, and mitigation tracking.
Support risk workshops, maintain risk registers, and follow up on remediation activities with business and technology teams.
Compliance & Assurance
Support compliance programs aligned to frameworks such as SOC 1/SOC 2, ISO/IEC 27001, PCI DSS, NIST CSF, and NIST 800-53.
Assist with audits, evidence collection, control testing, issue tracking, and security/compliance inquiries.
Third-Party Risk Management
Support vendor risk assessments, evidence reviews, issue tracking, and coordination with procurement, legal, and security teams.
Identify opportunities to improve GRC processes, documentation, tooling, and support GRC platform maintenance.
Physical Environment/
Working Conditions:
May require limited travel.
May require evening and weekend work based on business requirements.
Some of what you need:
Diploma or degree in cybersecurity, IT, computer science, risk management, or a related field; equivalent experience may be considered.
2–4 years of experience in cybersecurity, IT risk, compliance, audit, or technology.
Experience supporting assessments, audits, control testing, compliance activities, and evidence collection.
Basic understanding of cybersecurity risk, compliance, and frameworks such as PCI DSS, NIST CSF, ISO 27001, SOC 2, or CIS Controls.
Strong documentation, analytical, communication, and stakeholder coordination skills.
Ability to track risks, issues, action items, remediation plans, and compliance evidence.
Experience with tools such as Microsoft Office, SharePoint, Teams, Service Now, Jira, or Confluence; retail, payment, PCI, or relevant certifications are assets.
Some of what you will get:
Health and Dental benefits
RRSP/DPSP
Performance bonuses
#LI-Hybrid
Job Identification 70729
Job Category:
Technology, E-Commerce & Data Science
Locations: 6 Staples Ave, Richmond Hill, ON, L4B 4W3, CA
#J-18808-Ljbffr
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×