Constellation Brands

Data Security Architect

Rochester, New York Full time

Job Description

Company Summary 

We’re the producers, creators and marketers of beer, wine and spirits brands that people love. At Constellation Brands, we’re driven to push boundaries and think beyond today to deliver products and experiences that resonate now, tomorrow and well into the future. Because of this approach, we’re the fastest-growing large CPG company in the U.S. at retail, with operations in the U.S., Mexico, New Zealand and Italy. Our premium portfolio of iconic brands like Corona Extra, Modelo Especial, Kim Crawford, Robert Mondavi, The Prisoner, High West Whiskey, and more drive industry-leading growth for us today. But we’re just getting started. Our ability to stay on the forefront of consumer trends has fueled our success since our founding in 1945 and will guide us in creating the next generation of products and experiences Worth Reaching For. 

Position Summary 

The Data Security Architect is responsible for building a data protection program, promoting compliance through the implementation of data protection tools, technologies, strategies and standards throughout the IT organization to ensure confidential data is properly secured; proprietary information and applications are protected; and organizational processes, systems, and assets are safeguarded.

This role is responsible for shaping the strategy and architecture for securing sensitive data—ranging from consumer insights and financial data to proprietary formulations and supply chain intelligence—while enabling business agility and innovation. The architect will collaborate closely with IT and the business to embed “security by design” across all data platforms and processes.

The Data Security Architect is responsible for both technical development and implementation of best practices for data handling and protection which meets compliance and regulatory requirements. The individual will partner closely with stakeholders across the organization to develop and implement a structured process to ensure the confidentiality, integrity and availability of organizational data. Thus, this role requires a detail-oriented individual with a strong understanding of data security toolsets and governance processes in a modern IT organization as well as the ability to clearly communicate changing data protection practices.

This role’s activities include but are not limited to the design, implementation, maintenance, and internal education of: data governance materials, data classification, data loss prevention (DLP), data rights management, data encryption, and data lifecycle phases. Lastly, the role will serve as the owner of Constellation Brands IT’s data protection practices and will be responsible for the long-term security and safety of enterprise data. The ideal candidate is a thought leader who can bring people together to ensure technology, people, and process are working together to create a strong data protection environment.

Responsibilities 

Technical

  • Actively monitor and assess control effectiveness, identify weaknesses, and suggest improvements to enhance our security posture and ensure regulatory compliance standards across the IT/OT environments.

  • Familiarity with implementing, administering and reporting out of known data protection tools, such as the Microsoft E5 stack, endpoint, network, data security posture management (DSPM), data catalog or other complementary suites.

  • Experience with privacy-enhancing technologies, data encryption, access controls, security incident response, and data governance tools.

  • Architect data protection strategies for on-prem, hybrid, and multi-cloud environments (Azure, AWS, GCP), including encryption, tokenization, and key management.

  • Implement secure integration patterns for data movement between on-premise systems, cloud platforms, and external partners.

  • Manage storage, access, and processing of confidential data including personal employee information by leveraging data protection frameworks.

  • Monitor external privacy threats and trends, advising stakeholders on appropriate responses and adjustments to the privacy program.

Governance

  • Manage the organization’s data protection program

  • Monitor compliance with information security policies and regulations and prepare regular reports for senior management and applicable regulatory bodies.

  • Regularly meet with CISO and other key stakeholders to provide data risk assessments and mitigating steps to ensure data protection compliance.

  • Partner with the Legal and Privacy teams, interpreting and implementing requirements of privacy related regulations (GDPR, CCPA/CPRA, New Zealand Privacy Act, Australia Privacy Act, etc.) that outline data protection requirements.

  • Develop and communicate changes in data protection policy, ensuring all relevant employees are aware of and trained on new data practices.

  • In-depth understanding of changing organizational, regulatory, and legal requirements around data protection and regularly updating and communicating organization policies to reflect these changes.

  • Collaborate with business units to facilitate privacy risk assessments, ensuring risks are identified, documented, and mitigated appropriately.

  • Define and oversee legal and regulatory assessments, including reporting and remediation of non-compliance findings.

  • Liaise with enterprise architecture and IT teams to embed privacy-by-design principles into systems and processes, ensuring privacy requirements are built into technical architectures.

  • Manage data privacy incidents and breaches, ensuring timely containment, investigation, and reporting to protect data and organizational reputation.

  • Develop and maintain technology governance frameworks within both IT and OT environments and ensure alignment with organizational goals.

Minimum Qualifications 

  • Bachelor’s degree in cybersecurity, information systems, or a related field, or equivalent combination of education and experience.

  • 8+ years of experience in data privacy, data protection, compliance, or risk management.

  • Experience administering and optimizing data management tools such as Microsoft E5 stack, Netskope, Cyera, Atlan, OneTrust or equivalent technologies.

  • Strong understanding of global and regional data protection laws and regulations, such as GDPR, CCPA, HIPAA, and other relevant privacy frameworks.

  • Strong understanding of technical and operational risks associated with data privacy, management and protection.

  • Familiarity with privacy management frameworks (e.g., NIST Privacy Framework, ISO/IEC 27701) and experience developing and implementing privacy policies.

  • Experience or advanced knowledge of privacy regulations and standards (e.g., GDPR, CCPA, ISO 27701) and IT/OT security frameworks/standards (e.g., CIS, NIST CSF, NIST 800-53, PCI DSS, SOX, IEC 62443)

  • Professional privacy or compliance certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or Certified Information Systems Auditor (CISA) are preferred.

  • Experience managing third-party risk assessments and negotiating privacy and data protection clauses in vendor contracts.

  • Excellent written and verbal communication skills, with the ability to explain complex privacy concepts to both technical and non-technical audiences.

  • Strong critical thinking and problem-solving skills, with a keen attention to detail and the ability to manage multiple priorities under tight deadlines.

  • Though not required, the ability to speak fluent Spanish is a benefit.

ADA Physical/Mental/Workplace Requirements  

  • Ability to travel domestically and internationally 

  • Occasional lifting up to 40lbs

  • Sitting, working at desk/personal computer for extended periods of time

  • Primary work environment is professional corporate office

Location

Rochester, New York

Additional Locations

Canandaigua, New York; Chicago, Illinois; San Antonio, Texas

Job Type

Full time

Job Area

Information Technology

The salary range for this role is:

$114,300.00 - $207,800.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. Our compensation is based on cost of labor. For remote locations or positions open to multiple locations, the pay range may reflect several US geographic markets, including the lowest geographic market minimum to the highest geographic market maximum. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. At Constellation Brands, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).