Constellation Brands

IT Compliance Manager

Rochester, New York Full time

Job Description

Company Summary 

We’re the producers, creators and marketers of beer, wine and spirits brands that people love. At Constellation Brands, we’re driven to push boundaries and think beyond today to deliver products and experiences that resonate now, tomorrow and well into the future. Because of this approach, we’re the fastest-growing large CPG company in the U.S. at retail, with operations in the U.S., Mexico, New Zealand and Italy. Our premium portfolio of iconic brands like Corona Extra, Modelo Especial, Kim Crawford, Robert Mondavi, The Prisoner, High West Whiskey, and more drive industry-leading growth for us today. But we’re just getting started. Our ability to stay on the forefront of consumer trends has fueled our success since our founding in 1945 and will guide us in creating the next generation of products and experiences Worth Reaching For. 

Position Summary 

The Manager, IT Compliance is responsible for leading and coordinating the organization’s compliance program for all regulatory obligations outside the scope of Sarbanes-Oxley (SOX). This role ensures that control activities relevant to non-SOX compliance—such as privacy, data protection, operational resilience, and global regulatory requirements—are designed, implemented, and maintained across the enterprise.

This role will work cross-functionally to bring together control programs across business units, IT, privacy, legal, compliance, and other stakeholders, fostering a culture of compliance and continuous improvement. This role is accountable for identifying, evaluating, and reporting on risks related to non-SOX obligations, and for ensuring that controls are effective, documented, and auditable.

A key element of this role is working with executive management to determine acceptable levels of risk and ensure that compliance controls are embedded in all relevant processes and systems. The ideal candidate is a strategic and operational leader who can integrate business, compliance, and regulatory objectives, and who excels at building consensus and driving compliance initiatives across the enterprise.

The ideal candidate is a strategic and operational leader who can bridge the different elements of CBI IT. They must be able to coordinate diverse teams and priorities while maintaining objectivity and a clear understanding of the organization’s goals.

Responsibilities

  • Develop and maintain governance frameworks that support non-SOX compliance across all relevant business processes, systems, and applications.
  • Serve as the process owner for assurance activities related to the completeness, accuracy, and auditability of data and operations subject to non-SOX regulations.
  • Provide regular reporting on non-SOX compliance risks, control effectiveness, and remediation status to internal audit, enterprise risk teams, and senior leadership.
  • Collaborate with legal, privacy, compliance, and vendor management teams to ensure regulatory requirements are embedded in contracts and third-party engagements.
  • Lead the implementation and continuous improvement of controls relevant to non-SOX compliance, including privacy, data protection, operational resilience, and business process controls.
  • Conduct risk assessments and facilitate mitigation planning for processes impacting non-SOX regulatory obligations.
  • Ensure policies and practices for access, change management, and audit trail integrity meet standards.
  • Establish metrics to measure the effectiveness of training and control adherence across the organization.
  • Facilitate onboarding of new business units or services into the non-SOX compliance scope, applying standard controls and defining ownership of residual risks.
  • Liaise with external auditors and regulatory bodies to maintain a strong compliance posture and stay informed of evolving non-SOX requirements.
  • Develop and maintain dashboards to monitor non-SOX control performance, maturity, and risk exposure.
  • Maintain inventories for systems and data within non-SOX compliance scope, including cloud services and third-party platforms.

Minimum Qualifications 

  • Bachelor’s degree in business administration, compliance, information systems, privacy, or a related field; equivalent work or education-related experience will be considered.
  • 8+ years of experience in compliance, risk management, audit, or related roles, with a focus on regulatory obligations (e.g., privacy, data protection, operational resilience).
  • Demonstrated knowledge of global regulatory frameworks such as GDPR, CCPA, HIPAA, and their application to business processes and IT systems.
  • Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or equivalent are preferred.
  • Proven experience in developing and maintaining policies and procedures that support regulatory compliance.
  • Strong analytical and problem-solving skills, with the ability to manage multiple projects under strict timelines.
  • Excellent written and verbal communication skills, with the ability to convey complex compliance concepts to both technical and non-technical audiences.
  • High level of personal integrity and the ability to handle confidential information with professionalism and discretion.
  • Ability to work independently and collaboratively across cross-functional teams, including audit, legal, privacy, and operations.

ADA Physical/Mental/Workplace Requirements  

  • Ability to travel domestically and internationally.

Location

Rochester, New York

Additional Locations

Canandaigua, New York; Chicago, Illinois; San Antonio, Texas

Job Type

Full time

Job Area

Information Technology

The salary range for this role is:

$114,300.00 - $207,800.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. Our compensation is based on cost of labor. For remote locations or positions open to multiple locations, the pay range may reflect several US geographic markets, including the lowest geographic market minimum to the highest geographic market maximum. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. At Constellation Brands, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that is allocable to a particular employee remain in the Company’s sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).