Senior IT Security Risk Analyst

Constellation Brands | Victor, NY

Posted Date 10/30/2021

Position Summary:

The Senior IT Security Risk Analyst will partner closely with stakeholders across the organization to develop and implement a structured process to assess and manage IT Risk. The Senior IT Security Risk Analyst’s responsibilities include identifying, evaluating, and reporting on information security risks to ensure CBI information assets are guarded against unauthorized access, modification, or destruction.


  • Assist with defining and implementing a program for analyzing, monitoring, and reporting the status of IT risk across the organization
  • Monitor and drive the prioritization of IT and cyber security controls deficiencies that lead to increased risk to the organization
  • Lead the development of a risk register and supporting processes to effectively manage risk remediation and mitigation plans
  • Support the development of metrics for assessing and measuring risk across the organization
  • Provide guidance to ensure IT risk management activities are being documented and consistently performed
  • Work with colleagues in Enterprise Risk Management, Internal Audit, and Information Security to ensure policy/procedure and control standardization
  • Develop and maintain a risk assessment/security review process for new and existing third-party vendors and SaaS applications
  • Work with project teams, IT, business unit contacts and other stakeholders to conduct information asset and application risk assessments
  • Maintain an up-to-date understanding of security industry best practices and monitor the legal and regulatory environment for developments that could require changes to established policies and practices

Core Competencies to be Successful

  • Knowledge/Expertise
  • Teamwork and Collaboration
  • Integrity and Trust
  • Communication/Influence
  • Project Management/Planning
  • Challenging the Process
  • Attention to Detail
  • Initiative and Drive

Recommended Qualifications:

  • BS in Computer Science, Management of Information Systems, Information Security/Assurance, Internal Audit, or equivalent experience
  • 5-8 years of experience in Information Security, Risk Management, Audit, or similar role
  • Experience with one or more of the following: risk assessments, application security assessments, vendor risk assessments, control gap analysis, risk remediation and mitigation, risk analysis
  • Possession of security certification(s) desirable: CRISC, CISSP, SSCP, CISM, CISA, Security+
  • Experience and strong working knowledge with IT and security frameworks/standards such as CIS, NIST CSF, NIST 800-53, PCI DSS, SOX
  • Strong verbal and written communication skills and the ability to influence significant change
  • The ability to interact with key stakeholder to ensure a common understanding and alignment of priorities based on risk

ADA Physical/Mental/Workplace Requirements:

  • Occasional lifting up to 25 lbs
  • Sitting, working at desk/personal computer for extended periods of time
  • Primary work environment is professional corporate office
  • Ability to travel commercially and internationally.


Victor, New York

Additional Locations

Chicago, Illinois, Dallas, Texas, Virtual - US

Job Type

Full time

Job Area

Information Technology

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).

Employment Type
Full Time

Share this job