Position Summary
The Vice President, Chief Information Security Officer (CISO) will manage CBI's cybersecurity risk in alignment with overall business goals and strategy and will provide effective governance, operational efficiency, performance monitoring and measurement of risk and cyber capabilities. A key element of this role is working with executive management to determine acceptable levels of risk for the organization. She or he must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode. This role is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
Responsibilities
The main objective for the CISO is to lead, develop and execute the vision and strategy for the CBI cybersecurity organization while also leading the delivery of business-relevant cyber services. This position requires a visionary leader with sound knowledge of business management and a working knowledge of information security technologies.
Strategic Planning:
As a leading strategic planner for cybersecurity within CBI, the CISO will be responsible for driving cybersecurity strategy and making global cybersecurity platform and architectural decisions.
- Provide the vision and leadership required to develop and execute the CBI cybersecurity strategy and roadmap to guide the ongoing direction of CBI's cybersecurity posture.
- Understand sourcing models and leverage strategic partnerships to advance CBI's cyber capabilities in the most effective and efficient manner.
Compliance:
The CISO will be responsible for ensuring alignment and compliance with common cybersecurity management frameworks, regulatory requirements and industry leading practices.
- Measure compliance with policy and effectiveness of cybersecurity controls as part of assessing the overall cybersecurity risk posture of CBI.
- Ensure that cybersecurity legal and regulatory requirements are addressed and implemented globally as required.
Proactive Leadership:
The CISO will operate as an evangelist of cybersecurity internally and externally to develop, maintain and enhance relationships in order to drive consistency across CBI and to implement innovative cybersecurity solutions designed to enable the business:
- Develop and maintain strong internal and external relationships to influence policy, standards, programs and capabilities to build and sustain a security-conscious culture which considers cyber risk across the fabric of the organization.
- Serve as a spokesperson for cybersecurity at CBI internally and externally across the industry.
- Collaborate with the Chief Technology Officer to ensure cybersecurity considerations are embedded into mobility and innovation initiatives.
- Leverage cybersecurity investments to enhance the CBI brand, customer trust, strategy and business operations.
- Provide regular and meaningful reporting to executive leadership on cyber risks and CBI's cyber risk posture.
Operations:
As part of the Leadership team, the CISO is responsible for coordinating the day-to-day functions of the cybersecurity function.
- Lead the development of cybersecurity policies and standards that align to CBI's security program and reflect the unique business needs and regulatory requirements of CBI while keeping pace with changes in business objectives, technology, regulation, industry practices and security threats.
- Lead development of CBI's cybersecurity risk profile and secure the investment necessary to mitigate overall risk to an acceptable level.
- Lead efforts to build effective cybersecurity controls, programs, and capabilities to improve the overall global cybersecurity posture of CBI and keep up with the evolving needs of the business.
- Lead development and delivery of a responsive and effective cybersecurity operations capability that will identify, contain and resolve cybersecurity incidents by minimizing business impact and meeting compliance and reporting obligations.
Talent & Resource Management:
The CISO will lead efforts to identify talent and develop a highly qualified staff of cybersecurity professionals to meet organizational needs.
- Communicate with, inspire and motivate all levels of staff.
- Manage business and other domain stakeholders.
- Develop future leaders in cybersecurity by providing guidance, mentoring and formal training opportunities.
Minimum Qualifications
- Bachelor's degree in Computer Science, Information Systems, Engineering, Business Administration or a related field is required.
- Minimum of 15 years of relevant work experience in cybersecurity policy, standards, architecture, technology and programs, with 4 years in senior leadership.
- Minimum of 1 industry-recognized information security management certification is required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC).
Preferred Qualifications
- Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
- Strong proficiency with common cybersecurity management frameworks, regulatory requirements, and industry leading practices.
- Experience with contract and vendor negotiations.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- High degree of initiative, dependability and ability to work with little supervision.
Physical Requirements/Work Environment
- Must be at least 21 years of age.
- Must be able to sit and/or stand for long periods of time and work on a computer for extended periods. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Location Victor, New York
Additional Locations Chicago, Illinois
Job Type Full time
Job Area Information Technology
Equal Opportunity
Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).