Cyber Security Analyst II

Staples is business to business. You're what binds us together.

Our digital solutions team is more than a traditional IT organization. We are a team of passionate, collaborative, agile, inventive, customer-centric, results-oriented problem solvers. We are intellectually curious, love advancements in technology and seek to adapt technologies to drive Staples forward. We anticipate the needs of our customers and business partners and deliver reliable, customer-centric technology services.

What you'll be doing:

• Perform supplier due diligence using our risk assessment processes and tools.

• Conduct research and collaborate with internal subject matter experts to understand and document risks identified during risk evaluations and due diligence.

• Support and develop third party risk reporting and key risk metrics and assist with coordinating and communicating results to stakeholders to inform business decisions.

• Identify and communicate third-party risks to business owners and other stakeholders. Escalate issues or risks internally when appropriate.

• Partner with internal stakeholders, and other subject matter experts, to support the ongoing improvement of our third-party risk assessment processes.

• Assist in developing and updating relevant policies, standards, and procedures and effectively communicate changes to the broader stakeholder community.

What you bring to the table:

• Strong analytical, critical thinking, and problem-solving skills with attention to detail.

• Basic project management and documentation skills to manage multiple parallel priorities.

• Excellent written and verbal communication skills.

• Ability to build strong and trusted relationships in a collaborative way.

• Possess strong decision-making skills and be highly self-disciplined.

• Self-starter who enjoys working independently, creating, and implementing new initiatives, and works efficiently as part of a team.

• Capable of thriving in a dynamic, results-driven, and rapidly changing work environment.

• Understanding of PCI DSS and NIST CSF.

What's needed- Basic Qualifications:

• High School diploma

• 1+ year of prior related work experience is more important that a 4-year degree

• 3+ years of experience in a Third-Party Risk/Vendor Risk or similar role

• Foundational knowledge of Cybersecurity equivalent to the content covered in the SANS SEC275 or CompTIA Security+ certifications.

What's needed- Preferred Qualifications:

• CTPRP preferred

• Familiarity with third party risk management tools, such as LogicGate, is beneficial

We Offer:

• Inclusive culture with associate-led Business Resource Groups

• Flexible PTO (22 days) and Holiday Schedule

• Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!