Columbia, MO, 65215, USA
Specialist, IT Security, Risk & Compliance
**Education - It's in Our DNA**

At Barnes & Noble Education (“BNED”) we are dedicated to making tomorrow a better, more inclusive, and smarter world by servicing all who work in education. As a leading solutions provider for the education industry, we are committed to driving affordability, accessibility, and achievement at hundreds of academic institutions nationwide by ensuring millions of students are equipped for success in the classroom and beyond. Together, our teams work to elevate lives through education.

We are seeking a **Specialist, IT Security, Risk & Compliance** to drive critical initiatives in Vendor Management, IT Risk Management, and overall compliance operations. In this role, you will manage the Vendor Management Program, support audits and accessibility efforts, and ensure alignment with regulatory standards and IT security policies. You will also provide expertise in data privacy and cybersecurity, delivering actionable recommendations to enhance compliance and strengthen organizational security.

**How You'll Make an Impact**

+ Perform quantitative security risk analyses, provide technical guidance, and recommend security enhancements to management as needed, while assisting with remediation efforts.
+ Coordinate and communicate new IT policies and procedures, ensuring the effective implementation of security guidance and solutions.
+ Manage the Vendor Risk Management Program, addressing risks associated with third-party vendors and maintaining the program to ensure secure vendor relationships.
+ Conduct risk assessments of applications, infrastructure, and business or technology vendors using a defined risk framework, either through formalized programs or other risk reporting activities.
+ Maintain and support the Compliance Program, including reporting, analysis, control testing, and collaboration with internal and external auditors.
+ Collaborate with third parties, consultants, internal teams, and auditors to ensure adherence to regulatory compliance requirements and remain current with relevant regulatory training.
+ Perform additional duties as assigned.

**What You'll Need to Succeed**

+ 5+ years of experience in IT security, compliance, or related fields, with expertise in Security Operations, Privacy, SOX and PCI Compliance, Vendor Risk Management, and IT Risk Management.
+ Strong knowledge of accessibility design and engineering best practices, including WCAG guidelines.
+ In-depth understanding of NIST, PCI-DSS, SOX, CCPA, and GDPR regulations, with the ability to develop risk assessment plans and methodologies.
+ Experience using risk management software such as OneTrust or Navex IRM for vendor management, risk assessment, and cookie compliance.
+ Experience conducting and responding to vendor risk assessments and business requests for information (RFIs) using industry-standard tools such as SIG, HECVAT, VSAQ, CIS, or SANS Top 20.
+ Demonstrated ability to ensure regulatory compliance through reporting, analysis, control testing, and process management.
+ Highly organized and efficient, with the ability to manage multiple projects in a fast-paced, deadline-driven environment.
+ Excellent communication skills, capable of explaining technical concepts to both technical and non-technical audiences.
+ Strong interpersonal skills for cross-functional collaboration and teamwork.
+ Skilled in navigating ambiguity, taking ownership of processes, and delivering results.
+ Exceptional analytical, problem-solving, and decision-making skills with a solution-driven approach to challenges.

**_Note: This is a hybrid role requiring a mix of in-office attendance at our Columbia, MO location and remote work. Applicants must be within a commutable distance to the Columbia, MO area._**

**How We Elevate Our Employees**

We believe your success is our success, so our benefits package is designed specifically to support you in every aspect of your life. At BNED, we offer a variety of programs and resources to support the physical, mental, and financial well-being of our employees by offering a competitive total rewards package for full-time employees, which includes medical, dental, and vision plans, 401k match, life insurance, commuter benefits, paid time off with paid holidays, and a broad range of other benefits.

**The hiring range for this position is $70000 - 80000 annually.** The actual pay may vary based on a number of factors, including professional experience, hiring location, skills, and competencies, and may fall outside of the range shown.

**Our Commitment to Diversity, Equity, & Inclusion**

_At Barnes & Noble Education we empower everyone. Our mission is to support students, faculty and schools, serving as a catalyst to meet the evolving needs of the education system and a new generation of students. That starts with fostering an environment for our employees where diversity and individuality are celebrated._

_Barnes & Noble Education is an Equal Employment Opportunity and Affirmative Action Employer committed to diversity in the workplace. In the spirit of inclusivity, qualified applicants will receive consideration for employment without regard to age, ethnicity, ability, gender, gender expression, gender identity, nationality, protected veteran status, race, religion or sexual orientation._

_\#INDBNED_

**Job Locations** _US-MO-Columbia_

**ID** _2024-16231_

**Category** _Information Technology_

**Position Type** _Regular FT_