This job board retrieves part of its jobs from: Toronto Jobs | Emplois Montréal | IT Jobs Canada

Liberty and Prosperity for all - new job offers every day

To post a job, login or create an account |  Post a Job

IT Security & Compliance Specialist

Barnes & Noble Education

This is a Full-time position in Basking Ridge, NJ posted November 23, 2021.

JOB TITLE: IT Security & Compliance Specialist

REPORTS TO: Director, IT Compliance

JOB SUMMARY:

The IT Security & Compliance Specialist will oversee and support critical compliance initiatives including vendor management and IT risk management for our organization. The position will be responsible for spearheading our vendor management program and supporting standard deliverables related to accessibility, external audits and IT compliance operations. The ideal candidate will be expected to be skilled in Information Technology security and data privacy, offering recommendations on projects, programs and initiatives to ensure compliance with regulatory standards, policy and IT security metrics. The candidate selected for this role will also be responsible for working with the Director, IT Compliance to respond to security questionnaires from clients while providing superior service.

ESSENTIAL FUNCTIONS:

  • Conduct quantitative security risk analysis, direct and assist in remediation efforts, provide technical guidance, and recommend security enhancements to management, as needed.
  • Assist in the coordination and communication of new policies and procedures relevant to IT operations, including implementation of security guidance and solutions.
  • Manage the vendor risk management program, the risks associated with conducting business with third-party vendors and maintaining our program for vendor relationships.
  • Support risk assessments of applications, infrastructure, business and technology vendors against a defined risk framework. These assessments will be conducted either through a formalized risk assessment program or through other risk reporting activities.
  • Ongoing maintenance and support of the Compliance program which includes but is not limited to reporting, analysis, control testing, and partnering with various auditors.
  • Works with third parties, consultants, internal teams, and auditors to ensure regulatory compliance with applicable laws and regulations; remains current with required regulatory training.
  • Additional responsibilities as required.

Job Requirements:

REQUIREMENTS/QUALIFICATIONS:

  • Minimum 10-12 years of experience required. 
  • Strong interpersonal skills with the ability to work with teams cross-functionally.
  • Strong communicator to technical and non-technical audiences including developers and tech operators required.
  • Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and delivering on commitments.
  • Comprehensive understanding of accessibility design and engineering best practices including WCAG guidelines.
  • Knowledge of NIST, PCI-DSS standards as well as SOX, CCPA, GDPR, regulations. Contribute to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk.
  • Proficiency with the OneTrust application, particularly vendor management and cookie compliance.
  • Performs activities needed to demonstrate regulatory compliance.
  • Facilitate and maintain responses to vendor risk assessments using industry-standard methods (i.e. SIG, HECVAT, VSAQ, or CIS, SANS Top 20) as well as business requests for information (ROIs).
  • Demonstrated experience in project management, including hands on experience in one or more of these areas: Security Operations and Tools, Privacy, Compliance (SOX, PCI), Vendor Risk Management and IT Risk Management.
  • Highly organized and efficient with excellent analytical, problem solving, and decision-making skills.
  • Ability to identify and resolve problems in a timely manner with a solution driven approach. 

KEY RELATIONSHIPS:

  • IT
  • Marketing
  • Sales
  • Development
  • Business Applications
  • Legal
  • Finance

Barnes & Noble Education, Inc. is an Equal Employment Opportunity and Affirmative Action Employer committed to diversity in the workplace.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.