Director, Technology Governance, Risk & Compliance

Constellation Brands | Victor, NY

Posted Date 3/26/2024

Job Description

Position Summary:

The Director, Technology Governance, Risk, and Compliance (GRC) is a key leadership role within the Information Security function of CBI’s Information and Data Solutions (IDS) organization. The role is responsible for ensuring effective governance, managing risks, and maintaining control frameworks to support the organization's objectives. The Technology GRC Director will develop the strategic vision and roadmap for the IDS GRC team. The director will oversee compliance with internal controls, industry leading practices, and regulatory requirements (including SOX, privacy, and PCI-DSS), and will play a crucial role in interacting with internal and external auditors. This position is responsible for the development and guidance of a team that performs second line of defense activities, including technology risk management and assessments, third-party risk assessments, compliance monitoring, and the development of policies, standards, and controls to ensure a strong control environment is in place to manage risk.


Leadership & Stakeholder Alignment:

  • Provide general leadership, oversight and development of technology governance, risk, and compliance practices.
  • Serve as a key stakeholder on project steering teams for new applications to ensure process and control are designed and implemented appropriately.
  • Collaborate with key stakeholders to establish Technology GRC team priorities, goals, and objectives in support of business strategies.
  • Monitor and evaluate GRC practices and develop metrics and KPIs to identify areas for improvement and optimization.
  • Report regularly to the IDSLT, the business, and other Sr. Management on the effectiveness of GRC including key risks and compliance with policy and controls; escalating issues as appropriate.
  • Facilitate regular meetings with Internal Audit & Advisory Services and other internal departments to ensure:
    • Common understanding of IDS control observations and deficiencies
    • Observations are appropriately assessed to mitigate risk and conduct necessary impact analysis
    • Alignment on short-term and long-term remediation activities
  • Conduct lessons learned with audit teams to ensure optimal coordination of improvement opportunities.
  • Responsible for short term and long-range planning, including objectives and key results (OKRs), financial planning, forecasts, and related variances.

Governance & Compliance:

  • Overall responsibility for the oversight and establishment of IDS & information security policies, procedures, and controls to manage risk and ensure compliance with internal and regulatory requirements.
  • Responsible for the oversight of a unified control framework (UCF), including monitoring of controls to ensure alignment with various leading practice control frameworks, such as NIST CSF, CIS, COBIT, etc.
  • Ensures the ongoing education of product teams, platform teams, and control owners, ensuring their understanding of the governance structure, their ownership responsibilities, and the standards for documentation.
  • Oversees the design and implementation of technology controls in collaboration with other members of technology teams, ensuring adherence to requirements and that control design is embedded into solutions and procedures.
  • Facilitate and support assessments of enterprise systems, processes, and controls to verify that controls are designed appropriately and operate effectively.
  • Oversee the definition of remediation plans, compensating and mitigating control activities, and retesting; ensure any recommendations received from internal audit, external audit, regulators, or other external parties are addressed and incorporated into those plans.
  • Ensure timely remediation of ineffective controls and that remediation plans address the risks, are appropriate, detailed, and up to date.

Risk Management:

  • Overall responsibility for the success of our technology risk management program, including risk reporting, the risk register, and executive metrics.
  • Provides leadership, guidance, and oversight to the development of an enterprise-wide Technology Risk Management program to assess, identify, report, manage and prioritize organizational risks that may hinder the company from delivering on its mission, vision, and objectives.
  • Provides leadership, guidance, and oversight to risk mitigation strategies to minimize risks to the organization.
  • Oversees third party and supply technology risk management practices and alignment with cross functional teams such as Enterprise Risk Management (ERM), Legal and Operational teams.

Core Competencies to be Successful:

  • Strong communication skills (both written and verbal)
  • Ability to communicate effectively at all levels of the organization
  • Relationship building and teamwork
  • Constituent focus
  • Initiative and results orientation
  • Planning and organizing
  • Role expertise
  • Coaching and developing others
  • Strategic thinking

Recommended Qualifications:

  • Bachelor’s degree in Business, Information Technology, Information Security, Audit, or a related field with ten or more years of equivalent experience; MBA preferred.
  • Experience with GRC solutions and automation
  • Experience with SAP S/4Hana, specifically security and controls
  • In-depth experience of various control frameworks and regulatory requirements, such as NIST-CSF, Sarbanes-Oxley (SOX), Privacy (CCPA, GDPR, etc.) and other leading practice frameworks
  • Experience developing and executing strategies for Information Security technologies.
  • Strong working knowledge of information systems security standards and practices.
  • Ability to collaborate with senior business leaders to align technology solutions with business objectives
  • Ability to be decisive yet collaborative and influential in decision making
  • Strong written and oral communication skills
  • Strong ability to develop business case justifications and cost/benefit analysis.
  • Creative problem solver
  • Strong analytic skills
  • Demonstrated ability to develop effective working relationships with all levels of the organization.

ADA Physical/Mental/Workplace Requirements:

  • Occasional lifting up to 25 lbs.
  • Sitting, working at desk/personal computer for extended periods of time
  • Primary work environment is professional corporate office
  • Ability to travel commercially and internationally.


Victor, New York

Additional Locations

Chicago, Illinois, Rochester, New York

Job Type

Full time

Job Area

Information Technology

The salary range for this role is:

$151,000.00 - $246,300.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).

Not sure you meet all qualifications? Research shows that women and members of other under-represented groups tend to not apply to jobs when they think they may not meet every qualification, when, in fact, they often do! We are committed to creating a diverse and inclusive environment and strongly encourage you to apply.
