What are the responsibilities and job description for the Group Chief Information Security Officer position at Barnes & Noble?
The Chief Information Security Officer (CISO) will lead and oversee the Information Security program across the entire organization. The role will be responsible for developing, implementing, and maintaining a unified enterprise security strategy that ensures the confidentiality, integrity, and availability of the company’s information assets, platforms, infrastructure, and customer data across all business operations.
As the organization continues to modernize its retail, digital, cloud, and enterprise technology platforms, we require a transformational security leader capable of driving the next phase of cybersecurity maturity across the group. This role is significantly broader than traditional cybersecurity operations and compliance management. The CISO will play a critical leadership role in helping the organization securely navigate large-scale technology transformation, AI adoption, cloud modernization, evolving regulatory requirements, and an increasingly sophisticated global threat landscape.
The CISO will be responsible for establishing and leading a group-wide cybersecurity strategy across both US and UK operations, driving consistency in governance, policy, standards, risk management, incident response, and operational security practices. This includes developing enterprise security standards, modernizing security architecture, implementing Zero Trust principles, strengthening cloud and identity security, improving business resilience, and reducing legacy technology and operational risk across the environment.
Cybersecurity has evolved far beyond traditional perimeter defense and audit-driven compliance programs. We now face a rapidly changing threat environment driven by AI-enabled attacks, ransomware, cloud complexity, third-party supply chain risk, increasing regulatory scrutiny, and growing operational dependence on digital platforms. As a result, the CISO must operate not only as a security leader, but also as a strategic business partner and an agent for transformation.
This role will require close collaboration with executive leadership, technology teams, legal, compliance, operations, and external partners to ensure security is embedded into the organization’s strategy and business operations. Given the strategic importance of cybersecurity and enterprise risk management to the organization, the CISO role will maintain a regular reporting cadence with the Board Risk Committee and will be responsible for providing ongoing updates related to cybersecurity posture, operational risk, regulatory compliance, major initiatives, emerging threats, and overall enterprise resilience.
Benefits for those who are scheduled to work less than 20 hours per week include Employee Discount, EAP and Sick Pay. For those scheduled to work between 20 and 29.99 benefits include Employee Discount, EAP, Sick Pay and Paid Time Off including paid Maternity and Parental Leave, Company Paid Holidays, Transit and 401(k) with Company Match. For those scheduled to work 30 hours or more benefits include Employee Discount, EAP, Sick Pay and Paid Time Off including paid Maternity and Parental Leave, Company Paid Holidays, 401(k) with Company Match, Comprehensive Health Benefits (Medical, Dental and Vision), Healthcare and Dependent Care Spending Accounts, Healthcare Spending Account, Disability Benefits, Life Insurance, Transit, and Tuition Reimbursement. All benefits provided are in accordance with the terms of the current plan and may be subject to future change. Benefits may vary depending on location/state regulations. More information can be received by the recruiter or Human Resources.
An employee in this position can expect an annual starting rate between $350,000 - $400,000 depending on experience, seniority, geographic locations, and other factors permitted by law.
As the organization continues to modernize its retail, digital, cloud, and enterprise technology platforms, we require a transformational security leader capable of driving the next phase of cybersecurity maturity across the group. This role is significantly broader than traditional cybersecurity operations and compliance management. The CISO will play a critical leadership role in helping the organization securely navigate large-scale technology transformation, AI adoption, cloud modernization, evolving regulatory requirements, and an increasingly sophisticated global threat landscape.
The CISO will be responsible for establishing and leading a group-wide cybersecurity strategy across both US and UK operations, driving consistency in governance, policy, standards, risk management, incident response, and operational security practices. This includes developing enterprise security standards, modernizing security architecture, implementing Zero Trust principles, strengthening cloud and identity security, improving business resilience, and reducing legacy technology and operational risk across the environment.
Cybersecurity has evolved far beyond traditional perimeter defense and audit-driven compliance programs. We now face a rapidly changing threat environment driven by AI-enabled attacks, ransomware, cloud complexity, third-party supply chain risk, increasing regulatory scrutiny, and growing operational dependence on digital platforms. As a result, the CISO must operate not only as a security leader, but also as a strategic business partner and an agent for transformation.
This role will require close collaboration with executive leadership, technology teams, legal, compliance, operations, and external partners to ensure security is embedded into the organization’s strategy and business operations. Given the strategic importance of cybersecurity and enterprise risk management to the organization, the CISO role will maintain a regular reporting cadence with the Board Risk Committee and will be responsible for providing ongoing updates related to cybersecurity posture, operational risk, regulatory compliance, major initiatives, emerging threats, and overall enterprise resilience.
Benefits for those who are scheduled to work less than 20 hours per week include Employee Discount, EAP and Sick Pay. For those scheduled to work between 20 and 29.99 benefits include Employee Discount, EAP, Sick Pay and Paid Time Off including paid Maternity and Parental Leave, Company Paid Holidays, Transit and 401(k) with Company Match. For those scheduled to work 30 hours or more benefits include Employee Discount, EAP, Sick Pay and Paid Time Off including paid Maternity and Parental Leave, Company Paid Holidays, 401(k) with Company Match, Comprehensive Health Benefits (Medical, Dental and Vision), Healthcare and Dependent Care Spending Accounts, Healthcare Spending Account, Disability Benefits, Life Insurance, Transit, and Tuition Reimbursement. All benefits provided are in accordance with the terms of the current plan and may be subject to future change. Benefits may vary depending on location/state regulations. More information can be received by the recruiter or Human Resources.
An employee in this position can expect an annual starting rate between $350,000 - $400,000 depending on experience, seniority, geographic locations, and other factors permitted by law.
Salary : $350,000 - $400,000