Posted: Thursday, September 28, 2017 11:19 PM
Job Description

Position Summary

The Sr. Information Security Risk Analyst's responsibilities include identifying, evaluating and reporting on information security risks in a manner that meets Constellation Brands' regulatory and other compliance requirements. The Sr. Information Security Risk Analyst will work proactively with the Information Security Risk Management team, as well as with various constituents across business units, information technology, information security and other internal departments and organizations to implement controls, processes and best practices that meet Constellation Brands' defined policies and standards for information security and risk management.

In addition, the Sr. Information Security Risk Analyst is responsible for aiding the Information Security Risk Management team in the management of Constellation Brands' information security program, which consists of the coordinated planning, management and execution of multiple related projects that are directed toward the same strategic, business or organizational objectives.

Responsibilities

Information Security Risk Management

* Work to further implement and maintain an information security risk management program based on an industry-recognized risk management framework.
* Work with project teams, IT, business unit constituents and other stakeholders to conduct information asset and application risk assessments, including for third-party vendors, ensuring the appropriate balance of risk reduction, cost, resources and customer experience.
* Perform information security risk-related activities including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
* Monitor information security risk mitigation and coordination of policy and controls, to ensure that effective remediation steps are being taken.
* Work with Manager, Information Security Risk Management to benchmark information security risk management practices of other companies (particularly those in related industries or with similar business models), maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established policies and practices.
* Create, disseminate and (as required) update documentation of Constellation Brands' matrix of identified information security risks and controls.
* Work directly with IT, business units and other internal departments to facilitate information security risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection.
* Coordinate and oversee technical risk assessments such as penetration testing, security assessments, and other related activities performed by internal audit and third parties.
* Coordinate and oversee information security and risk management projects with personnel from IT, business units and other stakeholders.
* Review risk assessments and analyze the effectiveness of information security control activities and report on them, providing actionable recommendations.
* Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.

Information Security Program Management

* Collaborate with others and lead the planning, implementation, and maintenance of the CBI information security program, based on an industry-recognized information security framework, best practices, and compliance standards such as SOX and PCI.
* Coordinate and provide appropriate, agreed-upon reporting, metrics, maturity, benchmarking and other periodic indicators of the information security program's successes and failures.
* Work with Manager, Information Security Risk Management to ensure that information security project goals are accomplished and in line with overall business, Information Security and IT objectives.

Information Security

* Complete tasks to ensure the security of CBI information assets against unauthorized access, modification or destruction.
* Utilize risk assessment results and other gap analyses to consult with the business, IT, and Information Security to develop new security solutions and controls.
* May conduct security architectural reviews on projects, applications and initiatives that ensure that corporate security policy, standards and guidelines are adhered to.
* Completion of miscellaneous tasks to fulfill the mission and vision of the overall CBI information security program.

Minimum Qualifications

* Bachelor's degree in Information Systems, Business or related program preferred, or equivalent work experience in an information security or similar information technology environment.
* A minimum of 4 - 6 years of experience in the field of information technology, with a minimum of 2 years in information security, with a focus in Risk Management highly preferred.
* Strong working knowledge of information systems security standards and practices.
* Experience with one or more of the following: risk assessments, application security assessments, information security/risk management/compliance frameworks such as NIST, ISO, PCI, SOX, etc., security monitoring, development of policies and procedures, Active Directory, cryptography/PKI, database security, security awareness, or other related information security subject areas.
* Possession of security certification(s) highly preferred: CISSP, SSCP, CISM, CISA, Security+, GSEC, MCSE.
* Must be available 24x7x365 and able to quickly respond to problems affecting system security, occasionally requiring work outside normal business hours (i.e. weekends, evenings or early mornings).

Competencies

* Customer Focus
* Exceptional communication skills, both written and verbal
* Teamwork, collaboration and ability to build relationships
* Take initiative and focus on results
* Exceptional planning and organizational skills
* Must be passionate about information security
* Self-starter and ability to work independently or as part of a team

Physical Requirements/Work Environment

Must be at least 21 years of age. Must be able to sit and/or stand for long periods of time and work on a computer for extended periods. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Location: Victor, New York
Additional Locations:
Job Type: Full time
Job Area: Information Technology

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).

SDL2017.
• Location: Rochester, Victor
• Post ID: 31612657 rochester