Apply on Employer Site

Constellation Brands · 19 hours ago

IT Compliance Manager

Rochester, NY

Full-time

Onsite

Senior Level, Lead/Staff

$114K/yr - $208K/yr

8+ years exp

Constellation Brands is a leading producer and marketer of beer, wine, and spirits. The IT Compliance Manager is responsible for overseeing the organization's compliance program for regulatory obligations outside the scope of Sarbanes-Oxley, ensuring effective control activities related to privacy, data protection, and operational resilience.

Food and BeverageFood ProcessingManufacturingWine And Spirits

Comp. & Benefits

Responsibilities

Develop and maintain governance frameworks that support non-SOX compliance across all relevant business processes, systems, and applications

Serve as the process owner for assurance activities related to the completeness, accuracy, and auditability of data and operations subject to non-SOX regulations

Provide regular reporting on non-SOX compliance risks, control effectiveness, and remediation status to internal audit, enterprise risk teams, and senior leadership

Collaborate with legal, privacy, compliance, and vendor management teams to ensure regulatory requirements are embedded in contracts and third-party engagements

Lead the implementation and continuous improvement of controls relevant to non-SOX compliance, including privacy, data protection, operational resilience, and business process controls

Conduct risk assessments and facilitate mitigation planning for processes impacting non-SOX regulatory obligations

Ensure policies and practices for access, change management, and audit trail integrity meet standards

Establish metrics to measure the effectiveness of training and control adherence across the organization

Facilitate onboarding of new business units or services into the non-SOX compliance scope, applying standard controls and defining ownership of residual risks

Liaise with external auditors and regulatory bodies to maintain a strong compliance posture and stay informed of evolving non-SOX requirements

Develop and maintain dashboards to monitor non-SOX control performance, maturity, and risk exposure

Maintain inventories for systems and data within non-SOX compliance scope, including cloud services and third-party platforms

Qualification

Compliance program managementRisk managementRegulatory frameworks knowledgeProfessional certificationsAnalytical skillsWritten communicationVerbal communicationTeam collaborationProblem-solvingIntegrity

Required

Bachelor's degree in business administration, compliance, information systems, privacy, or a related field; equivalent work or education-related experience will be considered

8+ years of experience in compliance, risk management, audit, or related roles, with a focus on regulatory obligations (e.g., privacy, data protection, operational resilience)

Demonstrated knowledge of global regulatory frameworks such as GDPR, CCPA, HIPAA, and their application to business processes and IT systems

Proven experience in developing and maintaining policies and procedures that support regulatory compliance

Strong analytical and problem-solving skills, with the ability to manage multiple projects under strict timelines

Excellent written and verbal communication skills, with the ability to convey complex compliance concepts to both technical and non-technical audiences

High level of personal integrity and the ability to handle confidential information with professionalism and discretion

Ability to work independently and collaboratively across cross-functional teams, including audit, legal, privacy, and operations

Preferred

Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or equivalent are preferred