**Education - It's in Our DNA** At Barnes & Noble Education (“BNED”) we are dedicated to making tomorrow a better, more inclusive, and smarter world by servicing all who work in education. As a leading solutions provider for the education industry, we are committed to driving affordability, accessibility, and achievement at hundreds of academic institutions nationwide by ensuring millions of students are equipped for success in the classroom and beyond. Together, our teams work to elevate lives through education. To support our mission, we are seeking a **Vice President, Associate General Counsel and Chief Privacy Officer** to lead our organization’s privacy, data protection, and compliance strategies. This high-impact role ensures compliance with privacy laws (e.g., CCPA, GDPR, HIPAA), data security standards, and broader regulatory requirements. Additionally, the VP will address legal and compliance risks associated with emerging technologies, such as artificial intelligence, while driving privacy and ethical data use initiatives. Collaborating with key stakeholders, this position will implement strategies to ensure robust data governance and security across the organization. **How You'll Make an Impact** **Legal Counsel Duties:** + Advise on North American privacy and data protection laws, including CCPA, as amended, PIPEDA, HIPAA, and GDPR and other relevant laws, rules and regulations pertaining to consumer privacy, data security and emerging technologies such as artificial intelligence. + Provide legal guidance on AI-related issues, including compliance with laws regulating automated decision-making, algorithmic transparency, and the use of artificial intelligence for consumer profiling and inference generation. + Draft, review, and negotiate legal agreements with privacy and artificial intelligence implications, including data protection agreements, data protection impact assessments, technology contracts, artificial intelligence development/vendor agreements and other relevant documents + Comprise part of triage incident response team and manage responses to cybersecurity incidents, investigations, and compliance matters in collaboration with the Chief Information Officer, Chief Information Security Officer, and Information Security Team. + Monitor and analyze legal developments in privacy and artificial intelligence to identify potential risks and opportunities, ensuring the organization remains proactive in adapting to regulatory changes. + Develop and update corporate policies related to privacy, cybersecurity, records retention, the ethical use of artificial intelligence technologies, and data governance. **Chief Privacy Officer Duties:** + Lead the development and execution of the company’s privacy program to ensure compliance with applicable laws and prepare for emerging regulatory changes. + Conduct privacy impact assessments (PIAs), artificial intelligence impact assessments (AIAs), and data mapping exercises to evaluate and mitigate privacy and AI-related risks. Develop and oversee the implementation of frameworks for privacy-by-design and artificial intelligence governance to ensure ethical and compliant use of artificial intelligence technologies in business operations. + Manage data subject rights requests (DSRs), including requests for access, correction, and deletion of personal data, in accordance with U.S. privacy laws. + Assist in internal investigations and responses to data breaches or privacy incidents, including breach notifications as required under applicable laws. + Partner with business units to embed privacy-by-design principles into operations, technologies, and new initiatives. + Monitor and analyze trends in privacy and artificial intelligence enforcement and regulations to shape the company’s compliance strategy. + Collaborate with IT, HR, and other teams to maintain up-to-date records of processing activities and ensure consistent data protection and risk management practices. **Leadership & Collaboration:** + Serve as the primary point of contact for privacy and AI-related inquiries, including regulatory audits and investigations. + Deliver training programs to ensure business teams remain informed on privacy, artificial intelligence best practices, and regulatory developments. + Work with internal teams to assess and mitigate privacy, cybersecurity, and artificial intelligence related risks while ensuring operational efficiency. + Perform additional responsibilities as required to support legal and business goals. **What You'll Need to Succeed** **Education:** + Juris Doctor (JD) degree from an accredited law school. + Active membership in at least one U.S. state bar. + Certified Information Privacy Professional/United States (CIPP/US) or equivalent certification preferred. + Additional certifications or coursework in artificial intelligence governance, data analytics, or related fields are a plus. **Experience:** + 8+ years of experience in privacy law, corporate legal matters, and regulatory compliance. + Expertise in North American privacy frameworks and standards, including CCPA, as amended, PIPEDA, HIPAA, and PCI-DSS, with a strong track record of managing privacy compliance programs for U.S.-based organizations. + Familiarity with global privacy frameworks, such as GDPR and DPDP, as they impact U.S. and India operations. + Proven background in drafting and negotiating contracts with privacy and data security considerations. + Experience advising on legal and regulatory implications of emerging technologies, including artificial intelligence, automated decision-making, and data analytics. + Experience managing compliance with laws related to artificial intelligence, consumer profiling, and algorithmic decision-making. **Skills & Competencies:** + Experienced and effective attorney with strong executive presence and exceptional client service skills. + Demonstrates sound judgment and the ability to deliver creative, constructive solutions under tight time constraints while influencing decisions through informal authority and collaboration. + Strong business acumen, work ethic, and adaptability to quickly learn emerging technologies, including artificial intelligence, IT infrastructure, information security forensics, payment card processing systems, and IT governance. + Excellent written and verbal communication skills, with strong interpersonal abilities and a commitment to the highest professional standards, ethics, and integrity. **_Note: This is a hybrid role requiring in-office attendance three (3) days per week. Applicants should be within a commutable distance to the Basking Ridge, NJ area._** **How We Elevate Our Employees** We believe your success is our success, so our benefits package is designed specifically to support you in every aspect of your life. At BNED, we offer a variety of programs and resources to support the physical, mental, and financial well-being of our employees by offering a competitive total rewards package for full-time employees, which includes medical, dental, and vision plans, 401k, life insurance, commuter benefits, paid time off with paid holidays, and a broad range of other benefits. **The hiring rate for this position is $250,000-$280,000 and is eligible for bonus and equity.** The actual pay may vary based on factors such as professional experience, skills, and competencies. **Our Commitment to Diversity, Equity, & Inclusion** At Barnes & Noble Education we empower everyone. Our mission is to support students, faculty, and schools, serving as a catalyst to meet the evolving needs of the education system and a new generation of students. That starts with fostering an environment for our employees where diversity and individuality is celebrated. Barnes & Noble Education is an Equal Employment Opportunity and Affirmative Action Employer committed to diversity in the workplace. In the spirit of inclusivity, qualified applicants will receive consideration for employment without regard to age, ethnicity, ability, gender, gender expression, gender identity, nationality, protected veteran status, race, religion or sexual orientation. _\#INDBNED_ **Job Locations** _US-NJ-BASKING RIDGE_ **ID** _2025-16683_ **Category** _Legal_ **Position Type** _Regular FT_