The Senior Information Security Risk Analyst's responsibilities include identifying, evaluating and reporting on information security risks in a manner that meets Constellation Brands' regulatory and other compliance requirements to ensure CBI information assets are guarded against unauthorized access, modification or destruction. The Security Risk Analyst will work proactively with various constituents within and across business units, information technology, information security and other internal departments and organizations to implement and support controls, processes and best practices that meet Constellation Brands' defined policies and standards for information security and risk management.
We are hiring two Senior Information Security Analysts.
Assist in defining, building and implementing a process to assess risks and the state of controls for company-wide information system/technology operations (data centers, application systems, development efforts, computing environments/technologies, and telecommunications).
Lead and support initiatives to implement and maintain an information security risk management program based on an industry-recognized risk management framework, including a risk register for tracking risks.
Assists in establishing metrics and regular reporting mechanisms (data analytics) for assessing and measuring security and risk across the organization.
Thinks strategically and communicates the risks and impact of IT and finance controls to technical and non-technical managers at various levels of the Company.
May conduct security architectural reviews on projects, applications and initiatives that ensure that corporate security policy, standards and guidelines are adhered to.
Coordinate alignment of risk register with IT Controls and Compliance, Security Operations, and other Information Technology and Business functions related to risk reporting.
Work with project teams, IT, business unit constituents and other stakeholders to conduct information asset and application risk assessments including for third-party vendors, ensuring the appropriate balance of risk reduction, cost, resources and customer experience.
Perform information security risk-related activities including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
Maintain an up-to-date understanding of security industry best practices and monitor the legal and regulatory environment for developments that could require changes to established policies and practices.
Coordinate and oversee technical risk assessments and penetration testing, security assessments, and other related activities performed by internal audit and third parties.
Researches and compiles data relating to specific risk projects, platforms and data; completes risk assessments; and analyzes the effectiveness of information security control activities and reports on them, providing actionable recommendations.
Follow up on risks and deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate tracking and remediation measures are being monitored and obtained by appropriate parties.
Define and lead, with other team members, Security Awareness-based training initiatives, including New Hire Training, Annual Employee training, and targeted security training for specific initiatives.
Bachelor's degree in Information Systems, Business or related program preferred, or equivalent work experience in an information security or similar information technology environment.
A minimum of 6 - 10 years of experience in the field of information technology, with a minimum of 4 years in information security, with a focus in Risk Management highly preferred.
Strong working knowledge of information systems security standards and practices.
Experience with one or more of the following: risk assessments, application security assessments, information security/risk management/compliance frameworks such as NIST, ISO, PCI, SOX, etc., security monitoring, development of policies and procedures, security awareness, or other related information security subject areas.
Possession of security certification(s) highly preferred: CISSP, SSCP, CISM, CISA, Security+, GSEC, MCSE.
Willingness and ability to take a stand or advocate a position that may be unpopular with others.
Facilitates meetings with management and conducts various presentations.
Prepares and submits high-quality assessments, reports and analysis to Company management.
Core Competencies to be Successful
Teamwork and Collaboration
Integrity and Trust
Challenging the Process
Attention to Detail
Initiative and Drive
Occasional lifting up to 25 lbs.
Sitting, working at desk/personal computer for extended periods of time.
Primary work environment is professional corporate office.
Ability to travel commercially both domestically and internationally.
Victor, New York
Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).