Be the reason

Security Awareness Program Manager

Staples is business to business. You’re what binds us together.

Our eCommerce team delivers customer-centric site experiences to position Staples as a digital selling platform of choice. Our team ensures that our mobile, desktop, and app platforms deliver the digital experience that our customers expect.  We do this through customer insights, analytics, and testing to build a strong innovation pipeline for the future and to bring products and solutions to market seamlessly. We utilize online merchandising and campaigns executed by both humans and automated tools to convert new and returning website visitors into customers. We work end-to-end with our sales, merchandising, finance, logistics and technology teams to provide a world-class, holistic digital experience, growing profitable results in a fun and rewarding work environment. We are inclusive, customer-obsessed, and are looking for well-rounded professionals with strong eCommerce business acumen to join our team.

Role Summary

As the Security Awareness Program Manager, you will take ownership of the Company’s global Cybersecurity Training and Awareness program, working to develop and execute a comprehensive strategy that ensures compliance with state, federal, and international laws, as well as PCI DSS, NIST, and other relevant standards. You will engage closely with teams across Communications, Learning & Development, Human Resources, Fraud, Security Operations, and our Subsidiary and Leadership teams. This position acts as the primary liaison to third-party security training and awareness vendors and is responsible for managing multiple vendor relationships to drive effective program delivery and continuous improvement.

What you’ll be doing:

• Building, maintaining, assigning, and tracking annual Security & Privacy Training and Developer Secure Code Training, ensuring compliance and audit requirements are met.

• Managing monthly phishing simulation and periodic voice phishing programs, including reporting and analysis for effectiveness.

• Developing and coordinating year-round security awareness events such as Security Champions, Cyber Security Awareness Month (CSAM), Data Privacy Week, and Internet Safety Month, featuring internal/external speakers, lunch & learns, virtual activities, and creative training materials.

• Collaborating with leaders to design and deliver engaging communications for all cybersecurity projects and initiatives.

• Creating new security training and awareness content and strategies in partnership with Security, Learning & Development, and Communications teams.

• Maintaining the Security intranet and SharePoint sites to provide up-to-date resources and messaging.

• Managing end-to-end vendor relationships from RFP participation to project delivery and performance evaluation.

• Owning and executing projects for both integrated and non-integrated subsidiaries, supporting employees and contractors.

• Analyzing training and simulation metrics, reporting on effectiveness, and strategizing improvements based on data and industry trends.

• Utilizing AI prompt creation for developing graphics and content as needed.

• Advising senior leadership on human risk and behavior-change strategies, presenting program performance and strategic plans to leadership and compliance/audit teams.

What you bring to the table:

• Strong interpersonal skills with proven ability to influence at all levels of the organization.

• Excellent written and verbal communication skills, including the ability to translate technical concepts into engaging, accessible messages.

• Creativity and innovation for designing effective, compelling educational campaigns tailored to diverse audiences.

• Organizational agility and project management expertise, adept at balancing multiple initiatives and stakeholder relationships.

• High degree of professionalism, integrity, and confidentiality.

What’s needed – Basic Qualifications:

• Bachelor’s Degree in Cybersecurity, Information Technology, Communications, Education, or a related field.

• 7+ years relevant experience in IT Security or Cybersecurity, training and development, communications, or related disciplines.

• 3+ years direct experience managing a security awareness program or equivalent function.

• Proven experience developing and managing IT Security or Cybersecurity training and awareness programs.

• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, PCI DSS, ISO 27001).

• Experience with phishing simulation platforms and LMS tools.

• Excellent project management and vendor management skills.

• Ability to analyze risk trends and human behavior metrics to adjust awareness strategies.

What’s needed – Preferred Qualifications:

• Security certifications such as CISSP, CISM, CISA, or SSAP (SANS Security Awareness Professional).

• Certifications in adult learning, instructional design, or change management (e.g., CPLP, Prosci).

• Experience working in regulated industries or global organizations with compliance requirements (e.g., GDPR, HIPAA).

• Familiarity with scripting or automation tools (e.g., Python, PowerShell, APIs) used in awareness programs.

We Offer:

• Inclusive culture with associate-led Business Resource Groups
• Flexible PTO (22 days) and Holiday Schedule (7 observed paid holidays)
• Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!https://careers.staples.com/Staples-Life/Benefits

The salary range represents the expected compensation for this role at the time of posting. The specific base pay may be influenced by a variety of factors to include the candidate's experience, skill set, education, geography, business considerations, and internal equity.  In addition to base pay, this role may be eligible for bonuses, or other forms of variable compensation.

 It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. 

Chez Staples, « inclusion » est un mot d'action. Il représente ce que nous faisons pour garantir que tous les employés se sentent valorisés et soutenus afin de contribuer à leur plein potentiel. Lorsque nous opérons de manière inclusive, la diversité suit naturellement. C'est pourquoi nous travaillons dur pour favoriser une culture inclusive, car nous recherchons des employés ayant des perspectives uniques et variées et des domaines d'expertise divers. Le résultat est un meilleur environnement de travail et une réflexion innovante qui nous aide à dépasser les attentes de nos clients – grâce à la force des personnes derrière notre marque emblématique.

Staples est un employeur garantissant l'égalité des chances. Tous les candidats qualifiés seront pris en considération pour un emploi sans distinction de race, couleur, religion, âge, sexe, orientation sexuelle, identité de genre, origine nationale, statut de vétéran protégé, handicap ou toute autre base protégée par la loi fédérale, étatique ou locale.