Identity Security Architect

Position Overview

At Constellation Brands – renowned for producing, creating and marketing beer, wine, and spirits that people love – the Identity Security Architect plays a critical role in our converged security capabilities focused on identity management. You will support our information security program alongside teams in security architecture, operations, OT/ICS, GRC, technology infrastructure and networking, ensuring our IDM strategy remains on the forefront of industry standards. This position is based in Rochester, New York, with additional opportunities in Canandaigua, Chicago, and San Antonio.

Key Responsibilities

• Serve as a thought leader and hands-on expert for security identity management (IDM).
• Collaborate with senior security leaders to build IDM strategy, set milestones, and communicate results to executives.
• Lead IDM security engineering projects including tool evaluations, deployments, user experience improvements, and mentoring team members.
• Design and implement security processes aligned with top standards (ISO/IEC, NIST, MITRE, etc.) and perform security tool operations.
• Conduct secure design and architecture reviews with effective threat modeling and establish security metrics with process automation.
• Partner with SecOps and OT/ICS engineers to evaluate and deploy best-in-class security solutions while maintaining detailed runbooks.
• Be available for on-call support 24/7/365.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Assurance, Computer/Systems/ Electrical Engineering, Management Information Systems or a similar technical field with 8+ years of relevant experience and a CISSP (or equivalent) certification.
• Strong understanding of enterprise identity security architecture and engineering concepts.
• Proven ability to think like a hacker with hands-on experience improving IDM user experience and optimizing security tool operations.
• In-depth knowledge of authentication methods (MFA, SSO, SAML, OIDC, OAuth, FIDO, PKI, biometric and risk-based authentication) and access management including Privileged Access Management, Active Directory integration, and various PAM solutions.
• Experience in identity governance such as onboarding applications, managing user access campaigns, and automating critical workflows along with familiarity in regulatory compliance (e.g., SOX).
• Ability to perform incident response duties and communicate effectively with both technical and non-technical stakeholders.
• Highly organized and detail oriented with the capacity to work under strict deadlines and manage multiple projects concurrently.

Preferred Qualifications

• Experience in security operations and threat intelligence.
• Ability to partner internationally with senior security and enterprise teams.
• A self-starter with strong initiative and conviction.

Benefits & Perks

• Compensation: $114,300.00 - $207,800.00
• Comprehensive benefits package including paid time off
• Medical, dental, and vision insurance
• 401(k) retirement plan
• Other benefits to eligible employees