Staples Canada

Senior Director, Cybersecurity & Risk Management

Staples Canada
$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field; Master's degree preferred.
  • Strongly preferred relevant certifications: CISSP, CISM, CCISO, CISA, CRISC, or equivalent.
  • 10-12 years of progressive experience in cybersecurity or technology risk; 5-7 years in leadership roles.
  • Track record of establishing and maturing security programs and achieving certifications.
  • Experience in B2B and B2C environments.
  • Expertise in cybersecurity standards and relevant regulations like PCI-DSS and PIPEDA.

Responsibilities

  • Define and execute a multi-year cybersecurity strategy aligned with business goals.
  • Lead enterprise risk program for identifying and monitoring technology risks.
  • Manage vendor risk through due diligence and contractual oversight.
  • Oversee audits and compliance with regulatory obligations, including PCI.
  • Direct security operations for threat monitoring, detection, and response.
  • Coordinate incident response plans acting as executive lead during major events.
  • Advance DevSecOps practices and enforce secure software development requirements.

Benefits

  • Associate discount
  • Health and dental benefits
  • RRSP/DPSP
  • Performance bonuses
  • Learning & development programs
  • Additional unspecified benefits.
Full Job Description

Some of what you will do:

The Sr. Director, Cybersecurity & Risk Management is responsible for designing, governing, and executing the enterprise-wide security and risk strategy that protects company assets, data, customers, and brand across B2B and B2C lines of business. As the most senior security position in the enterprise, this role leads cyber defense, regulatory and standards compliance, risk management, privacy alignment, vendor audits, PCI compliance, and business resilience, ensuring that security practices enable growth, support innovation, and meet contractual, regulatory, and customer expectations. The Sr. Director partners closely with Technology, Legal/Privacy, Product, and Go-to-Market teams to embed "security-by-design" and "risk-aware" decision-making across the organization.

Specifically, You Will:
  • Define and execute a multi-year cybersecurity and risk strategy aligned with business goals and regulatory requirements.
  • Lead the enterprise risk program, including identification, assessment, and continuous monitoring of technology risks.
  • Manage third-party/vendor risk through due diligence, contractual requirements, and ongoing oversight.
  • Oversee audits, certifications, and compliance with regulatory obligations, including PCI.
  • Direct security operations for threat monitoring, detection, and response.
  • Coordinate incident response plans and act as executive lead during major events.
  • Advance DevSecOps practices and enforce secure software development life cycle requirements.
  • Deliver on cyber security and risk plans by actively driving initiatives with urgency and accountability; this role is more than building policies and frameworks.

Some of what you need:
  • Bachelor's degree in Computer Science, Information Security, Engineering, or related field; Master's degree preferred (e.g., MBA, MS Information Security).
  • Relevant certifications strongly preferred, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CCISO (Certified Chief Information Security Officer), CISA (Certified Information Systems Auditor), CRISC (Risk and Information Systems Control), or equivalent.
  • 10-12 years of progressive experience in cybersecurity, technology risk, or related fields; 5-7 years leading multi-disciplinary security teams.
  • Proven track record establishing/maturing security programs and achieving external certifications/attestations.
  • Experience supporting enterprise B2B consumer/B2C environments.
  • Expertise in relevant cyber security standards (NIST) and applicable Canadian and Retail regulations (such as PCI-DSS, PIPEDA, SOC 2, ISO standards, Privacy legislation).
  • Previously demonstrated experience in leading cybersecurity and risk management.

Physical demands/working conditions:

Office environment - Hybrid, 4 days a week in the Richmond Hill office, Monday to Thursday

Some of what you will get:
  • Associate discount
  • Health and Dental benefits
  • RRSP/DPSP
  • Performance bonuses
  • Learning & Development programs
  • And more...

#Bringyourpassion

About Us

We value transparency in our hiring processes. Please note, artificial intelligence may be used in certain stages to screen, assess, or select applicants; however, a human reviewer makes all final decisions. This posting is for an existing vacancy.

About the Team
At Staples Canada we are dynamic, inspiring partners to our customers and the communities in which we live. As The Working and Learning Company, we inspire people to work smarter, learn more and grow every day. We're looking for curious, approachable, and passionate individuals who love finding solutions. If that's you, let's work, learn, and grow together.

We are building an inclusive and diverse team
Staples Canada is continuously working towards creating an inclusive and diverse work environment. We welcome, value and thrive on perspectives and contributions from backgrounds that vary by race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion or physical ability. If you have a disability or special need that requires accommodation, please let us know.

About Staples Canada

Staples Canada is a retailer of office supplies, furniture, and technology products. The company operates more than 300 stores across Canada and offers a range of products, including office supplies, electronics, furniture, and printing services. Staples Canada was founded in 1991 and is headquartered in Richmond Hill, Ontario.
Size: 10,000 employees