Analyst, Sr. Information Security Risk Management

Job Description
Position Summary
The Sr. Information Security Risk Analyst's responsibilities include identifying, evaluating and reporting on information security risks in a manner that meets Constellation Brands' regulatory and other compliance requirements. The Sr. Information Security Risk Analyst will work proactively with the Information Security Risk Management team, as well as with various constituents across business units, information technology, information security and other internal departments and organizations to implement controls, processes and best practices that meet Constellation Brands' defined policies and standards for information security and risk management.
In addition, the Sr. Information Security Risk Analyst is responsible for aiding the Information Security Risk Management team in the management of Constellation Brands' information security program, which consists of the coordinated planning, management and execution of multiple related projects that are directed toward the same strategic, business or organizational objectives.
Responsibilities
Information Security Risk Management
Work to further implement and maintain an information security risk management program based on an industry-recognized risk management framework.
Work with project teams, IT, business unit constituents and other stakeholders to conduct information asset and application risk assessments including for third-party vendors, ensuring the appropriate balance of risk reduction, cost, resources and customer experience.
Perform information security risk-related activities including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
Monitor information security risk mitigation and coordination of policy and controls, to ensure that effective remediation steps are being taken.
Work with Manager, Information Security Risk Management to benchmark information security risk management practices of other companies (particularly those in related industries or with similar business models), maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established policies and practices.
Create, disseminate and (as required) update documentation of Constellation Brands' matrix of identified information security risks and controls.
Work directly with IT, business units and other internal departments to facilitate information security risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection.
Coordinate and oversee technical risk assessments such as penetration testing, security assessments, and other related activities performed by internal audit and third-parties.
Coordinate and oversee information security and risk management projects with personnel from IT, business units and other stakeholders.
Review risk assessments and analyze the effectiveness of information security control activities and report on them, providing actionable recommendations.
Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
Information Security Program Management
Collaborate with others and lead the planning, implementation, and maintenance of the CBI information security program, based on an industry-recognized information security framework, best practices, and compliance standards such as SOX and PCI.
Coordinate and provide appropriate, agreed upon reporting, metrics, maturity, benchmarking and other periodic indicators of the information security program's successes and failures.
Work with Manager, Information Security Risk Management to ensure that information security project goals are accomplished and in line with overall business, Information Security and IT objectives.
Information Security
Complete tasks to ensure the security of CBI information assets against unauthorized access, modification or destruction.
Utilize risk assessment results and other gap analyses to consult with the business, IT, and Information Security to develop new security solutions and controls.
May conduct security architectural reviews on projects, applications and initiatives that ensure that corporate security policy, standards and guidelines are adhered to.
Completion of miscellaneous tasks to fulfill the mission and vision of the overall CBI information security program.
Minimum Qualifications
Bachelor's degree in Information Systems, Business or related program preferred, or equivalent work experience in an information security or similar information technology environment.
A minimum of 4 - 6 years of experience in the field of information technology, with a minimum of 2 years in information security, with a focus in Risk Management highly preferred.
Strong working knowledge of information systems security standards and practices.
Experience with one or more of the following: risk assessments, application security assessments, information security/risk management/compliance frameworks such as NIST, ISO, PCI, SOX, etc., security monitoring, development of policies and procedures, Active Directory, cryptography/PKI, database security, security awareness, or other related information security subject areas.
Possession of security certification(s) highly preferred: CISSP, SSCP, CISM, CISA, Security+, GSEC, MCSE.
Must be available 24x7x365 and able to quickly respond to problems affecting system security, occasionally requiring work outside normal business hours (i.e. weekends, evenings or early mornings).
Competencies
Customer Focus
Exceptional communication skills both written and verbal
Teamwork, collaboration and ability to build relationships
Take initiative and focus on results
Exceptional planning and organizational skills
Must be passionate about information security
Self-starter and ability to work independently or as part of a team
Physical Requirements/Work Environment
Must be at least 21 years of age. Must be able to sit and/or stand for long periods of time and work on a computer for extended periods. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Location
Victor, New York
Additional Locations
Job Type
Full time
Job Area
Information Technology
Equal Opportunity
Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).


