Security architect Jobs in Chicago, IL

Data Security Architect page is loaded## Data Security Architectlocations : Rochester, New York : Chicago, Illinois : San Antonio, Texas : Canandaigua, New Yorktime type : Full timeposted on : Publicado hoyjob requisition id : R-38810

• Descripcin del Puesto de Trabajo
• Company Summary
• Were the producers, creators and marketers of beer, wine and spirits brands that people love. At Constellation Brands, were driven to push boundaries and think beyond today to deliver products and experiences that resonate now, tomorrow and well into the future. Because of this approach, were the fastest-growing large CPG company in the U.S. at retail, with operations in the U.S., Mexico, New Zealand and Italy. Our premium portfolio of iconic brands like Corona Extra, Modelo Especial, Kim Crawford, Robert Mondavi, The Prisoner, High West Whiskey, and more drive industry-leading growth for us today. But were just getting started. Our ability to stay on the forefront of consumer trends has fueled our success since our founding in 1945 and will guide us in creating the next generation of products and experiences Worth Reaching For.
• Position Summary
• The Data Security Architect is responsible for building a data protection program, promoting compliance through the implementation of data protection tools, technologies, strategies and standards throughout the IT organization to ensure confidential data is properly secured; proprietary information and applications are protected; and organizational processes, systems, and assets are safeguarded.This role is responsible for shaping the strategy and architecture for securing sensitive dataranging from consumer insights and financial data to proprietary formulations and supply chain intelligencewhile enabling business agility and innovation. The architect will collaborate closely with IT and the business to embed security by design across all data platforms and processes.The Data Security Architect is responsible for both technical development and implementation of best practices for data handling and protection which meets compliance and regulatory requirements. The individual will partner closely with stakeholders across the organization to develop and implement a structured process to ensure the confidentiality, integrity and availability of organizational data. Thus, this role requires a detail-oriented individual with a strong understanding of data security toolsets and governance processes in a modern IT organization as well as the ability to clearly communicate changing data protection practices.This roles activities include but are not limited to the design, implementation, maintenance, and internal education of : data governance materials, data classification, data loss prevention (DLP), data rights management, data encryption, and data lifecycle phases. Lastly, the role will serve as the owner of Constellation Brands ITs data protection practices and will be responsible for the long-term security and safety of enterprise data. The ideal candidate is a thought leader who can bring people together to ensure technology, people, and process are working together to create a strong data protection environment.
• Responsibilities
• Technical
• Actively monitor and assess control effectiveness, identify weaknesses, and suggest improvements to enhance our security posture and ensure regulatory compliance standards across the IT / OT environments.
• Familiarity with implementing, administering and reporting out of known data protection tools, such as the Microsoft E5 stack, endpoint, network, data security posture management (DSPM), data catalog or other complimentary suites.
• Experience with privacy-enhancing technologies, data encryption, access controls, security incident response, and data governance tools.
• Architect data protection strategies for on-prem, hybrid, and multi-cloud environments (Azure, AWS, GCP), including encryption, tokenization, and key management.
• Implement secure integration patterns for data movement between on-premise systems, cloud platforms, and external partners.
• Manage storage, access, and processing of confidential data including personal employee information by leveraging data protection frameworks.
• Monitor external privacy threats and trends, advising stakeholders on appropriate responses and adjustments to the privacy program.
• Governance
• Manage the organizations data protection program
• Monitor compliance with information security policies and regulations and prepare regular reports for senior management and applicable regulatory bodies.
• Regularly meet with CISO and other key stakeholders to provide data risk assessments and mitigating steps to ensure data protection compliance.
• Partner with the Legal and Privacy teams, interpreting and implementing requirements of privacy related regulations (GDPR, CCPA / CPRA, New Zealand Privacy Act, Australia Privacy Act, etc.) that outline data protection requirements.
• Develop and communicate changes in data protection policy, ensuring all relevant employees are aware of and trained on new data practices.
• In-depth understanding of changing organizational, regulatory, and legal requirements around data protection and regularly updating and communicating organization policies to reflect these changes.
• Collaborate with business units to facilitate privacy risk assessments, ensuring risks are identified, documented, and mitigated appropriately.
• Define and oversee legal and regulatory assessments, including reporting and remediation of non-compliance findings.
• Liaise with enterprise architecture and IT teams to embed privacy-by-design principles into systems and processes, ensuring privacy requirements are built into technical architectures.
• Manage data privacy incidents and breaches, ensuring timely containment, investigation, and reporting to protect data and organizational reputation.
• Develop and maintain technology governance frameworks within both IT and OT environments and ensuring alignment with organizational goals.
• Minimum Qualifications
• Bachelors degree in cybersecurity. information systems, or a related field, or equivalent combination of education and experience.
• 8+ of experience in data privacy, data protection, compliance, or risk management.
• Experience administering and optimizing data management tools such as Microsoft E5 stack, Netspoke, Cyera, Atlan, OneTrust or equivalent technologies.
• Strong understanding of global and regional data protection laws and regulations, such as GDPR, CCPA, HIPAA, and other relevant privacy frameworks.
• Strong understanding of technical and operational risks associated with data privacy, management and protection.
• Familiarity with privacy management frameworks (e.g., NIST Privacy Framework, ISO / IEC 27701) and experience developing and implementing privacy policies.
• Experience or advanced knowledge of privacy regulations and standards (e.g., GDPR, CCPA, ISO 27701) and IT / OT security frameworks / standards (e.g., CIS, NIST CSF, NIST 800-53, PCI DSS, SOX, IEC 62443)
• Professional privacy or compliance certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or Certified Information Systems Auditor (CISA) are preferred.
• Experience managing third-party risk assessments and negotiating privacy and data protection clauses in vendor contracts.
• Excellent written and verbal communication skills, with the ability to explain complex privacy concepts to both technical and non-technical audiences.
• Strong critical thinking and problem-solving skills, with a keen attention to detail and the ability to manage multiple priorities under tight deadlines.
• Though not required, the ability to speak fluent Spanish is a benefit.
• ADA Physical / Mental / Workplace Requirements
• Ability to travel domestically and internationally
• Occasional lifting up to 40lbs

#J-18808-Ljbffr