IT Compliance Manager

Manager, IT Compliance

The Manager, IT Compliance is responsible for leading and coordinating the organization's compliance program for all regulatory obligations outside the scope of Sarbanes-Oxley (SOX). This role ensures that control activities relevant to non-SOX compliancesuch as privacy, data protection, operational resilience, and global regulatory requirementsare designed, implemented, and maintained across the enterprise.

This role will work cross-functionally to bring together control programs across business units, IT, privacy, legal, compliance, and other stakeholders, fostering a culture of compliance and continuous improvement. This role is accountable for identifying, evaluating, and reporting on risks related to non-SOX obligations, and for ensuring that controls are effective, documented, and auditable.

A key element of this role is working with executive management to determine acceptable levels of risk and ensure that compliance controls are embedded in all relevant processes and systems. The ideal candidate is a strategic and operational leader who can integrate business, compliance, and regulatory objectives, and who excels at building consensus and driving compliance initiatives across the enterprise.

The ideal candidate is a strategic and operational leader who can bridge the different elements of CBI IT. They must be able to coordinate diverse teams and priorities while maintaining objectivity and a clear understanding of the organization's goals.

Responsibilities :

• Develop and maintain governance frameworks that support non-SOX compliance across all relevant business processes, systems, and applications.
• Serve as the process owner for assurance activities related to the completeness, accuracy, and auditability of data and operations subject to non-SOX regulations.
• Provide regular reporting on non-SOX compliance risks, control effectiveness, and remediation status to internal audit, enterprise risk teams, and senior leadership.
• Collaborate with legal, privacy, compliance, and vendor management teams to ensure regulatory requirements are embedded in contracts and third-party engagements.
• Lead the implementation and continuous improvement of controls relevant to non-SOX compliance, including privacy, data protection, operational resilience, and business process controls.
• Conduct risk assessments and facilitate mitigation planning for processes impacting non-SOX regulatory obligations.
• Ensure policies and practices for access, change management, and audit trail integrity meet standards.
• Establish metrics to measure the effectiveness of training and control adherence across the organization.
• Facilitate onboarding of new business units or services into the non-SOX compliance scope, applying standard controls and defining ownership of residual risks.
• Liaise with external auditors and regulatory bodies to maintain a strong compliance posture and stay informed of evolving non-SOX requirements.
• Develop and maintain dashboards to monitor non-SOX control performance, maturity, and risk exposure.
• Maintain inventories for systems and data within non-SOX compliance scope, including cloud services and third-party platforms.

Minimum Qualifications :

ADA Physical / Mental / Workplace Requirements :

Location : Rochester, New York

Additional Locations : Canandaigua, New York, Chicago, Illinois, San Antonio, Texas

Job Type : Full time

Job Area : Information Technology

The salary range for this role is : $114,300.00 - $207,800.00

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).