IT Compliance Manager

Constellation Brands
3 months ago
San Antonio, TX, United States
On-site
Full-time
Junior Level (1-3 years)

Job Description

Position Overview

At Constellation Brands, we create and market beloved beer, wine and spirits brands and are driven by innovation to stay ahead of consumer trends. The Manager, IT Compliance is responsible for leading and coordinating the organization's non-SOX compliance program, ensuring that privacy, data protection, operational resilience, and global regulatory requirements are embedded through effective controls and continuous improvement across the enterprise. Reporting to executive management and working cross-functionally, this role develops and maintains governance frameworks, identifies risk exposures, and promotes a culture of compliance and operational excellence.

Key Responsibilities

  • Develop and maintain governance frameworks that support non-SOX compliance across all relevant business processes, systems, and applications.
  • Act as process owner for assurance activities related to the completeness, accuracy, and auditability of data and operations subject to non-SOX regulations.
  • Provide regular reporting on non-SOX compliance risks, control effectiveness, and remediation status to internal audit, risk teams, and senior leadership.
  • Collaborate with legal, privacy, compliance, and vendor management teams to ensure regulatory requirements are embedded in contracts and third-party engagements.
  • Lead the implementation and continuous improvement of controls relevant to non-SOX compliance, including privacy, data protection, operational resilience, and business process controls.
  • Conduct risk assessments and facilitate mitigation planning for processes impacting non-SOX regulatory obligations.
  • Ensure policies and practices for access, change management, and audit trail integrity meet established standards.
  • Establish metrics to measure the effectiveness of training and control adherence across the organization.
  • Facilitate onboarding of new business units or services into the non-SOX compliance scope, applying standard controls and defining ownership of residual risks.
  • Liaise with external auditors and regulatory bodies to maintain a strong compliance posture and stay informed of evolving non-SOX requirements.
  • Develop and maintain dashboards to monitor non-SOX control performance, maturity, and risk exposure.
  • Maintain inventories for systems and data within the non-SOX compliance scope, including cloud services and third-party platforms.

Required Qualifications

  • Bachelor's degree in Business Administration, Compliance, Information Systems, Privacy, or a related field; equivalent work or educational experience will be considered.
  • 8+ years of experience in compliance, risk management, audit, or related roles focusing on regulatory obligations such as privacy, data protection, and operational resilience.
  • Knowledge of global regulatory frameworks including GDPR, CCPA, and HIPAA, and their application to business processes and IT systems.
  • Proven experience in developing and maintaining policies and procedures that support regulatory compliance.
  • Strong analytical and problem-solving skills with the ability to manage multiple projects under strict timelines.
  • Excellent written and verbal communication skills to convey complex compliance concepts to both technical and non-technical audiences.
  • High level of personal integrity and the ability to handle confidential information professionally.
  • Ability to work independently and collaboratively with cross-functional teams including audit, legal, privacy, and operations.

Preferred Qualifications

  • Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Internal Auditor (CIA), or Certified Information Systems Auditor (CISA) are preferred.

Benefits & Perks

  • Comprehensive benefits package including paid time off
  • Medical, dental, and vision insurance
  • 401(k) plan
  • Competitive compensation package with a salary range of $114,300.00 - $207,800.00

Required Skills

Privacy (GDPR, CCPA, HIPAA)
Regulatory Compliance
Audit and Assurance
Stakeholder Communication
Operational Resilience
Data Protection
Cross-functional Leadership
Governance Frameworks
Risk Management
Policy Development