Privacy and Data Governance Manager

Job Description

Company Summary

Constellation Brands is a leading international producer and marketer of beer, wine and spirits with operations in the U.S., Canada, Mexico, New Zealand and Italy. We offer a wide range of exciting career opportunities in sales, marketing, operations, production, finance and administration. As a part of the Constellation team, employees are encouraged to improve their skills and performance throughout their careers through various professional and educational development programs. Constellation provides a robust onboarding program in addition to ongoing training initiatives to help employees integrate into the organization quickly and maximize their growth potential.

Position Summary:   

The Privacy & Data Governance Manager will partner closely with stakeholders across the organization to develop and implement a structured process to ensure the confidentiality, integrity and availability of organizational data. The core responsibilities of the role involve building out our privacy program from within Information Security, identifying ways to protect the organization and drive core processes related to privacy and data security. This role involves developing, implementing, and managing privacy and data procedures, conducting risk assessments, and collaborating with various departments to safeguard data according to the information classification schema. Additional responsibilities include identifying, evaluating, and reporting on control opportunities within our technology stack and translating that into Business Risk in a meaningful way to our business stakeholders.

Privacy & Data Responsibilities:

• Actively monitor and assess control effectiveness, identify weaknesses, and suggest improvements to enhance our security posture and ensure regulatory compliance standards across the IT/OT environments.
• Actively manage the organization’s privacy program with guidance from Legal and the Privacy Officer.
• Familiarity with administering privacy compliance tools (preferably OneTrust). 
• Monitor and assess privacy risks, identifying control weaknesses and recommending improvements to align with regulatory and organizational standards. Oversee privacy operations such as:
     o  Cookie and tracking technology compliance
     o  Data mapping and record maintenance
     o  Managing data subject access requests (DSARs)
     o  Providing privacy training and awareness programs to employees
• Drive privacy governance documentation, including data protection frameworks, records of processing activities, and privacy impact assessments (PIAs).
• Conduct privacy risk assessments and audits, ensuring alignment with best practices and regulatory requirements.
• Collaborate with IT, Procurement, and Technology teams to manage third-party data protection risks.
• Integrate privacy considerations into new projects and technologies, ensuring proactive compliance.
• Extensive knowledge interpreting and implementing requirements of privacy related regulations (GDPR, CCPA/CPRA, New Zealand Privacy Act, Australia Privacy Act, etc.)
• Monitoring and Reporting: Monitor compliance with privacy policies and regulations, and prepare regular reports for senior management and regulatory bodies.
• Data Governance: Develop and enforce data governance policies and procedures to ensure proper data handling, classification, and lifecycle management.
• Data Handling: Oversee data handling practices, including data collection, storage, processing, and sharing, to ensure compliance with privacy and security standards.
• Experience with privacy-enhancing technologies, data encryption, access controls, security incident response, and data governance tools.
• In-depth understanding of privacy laws and regulations, data protection principles, data governance frameworks, and information security best practices.
• CIPP/CIPM certification preferred

Responsibilities/Accountabilities:

• Drive IT/OT policies, standards, and procedures to ensure compliance with relevant regulations (e.g., SOX, GDPR, HIPAA, PCI etc.) and industry standards (e.g., ISO, NIST, IEC 62443).
• Build and sustain strong relationships, becoming a trusted partner with line-of-business stakeholder, product teams, and IDS colleagues to promote cross-functional collaboration and drive progress toward shared goals.
• Identify thematic technology risks and trends throughout product lines and the Enterprise.
• Ensure timely identification and reporting of technology control gaps due to failed internal procedures, weak controls, and new threats.
• Ability to quantify and report technology risk and business impact to senior leadership.
• Demonstrate an ability to prioritize, influence and drive the successful implementation of remediation measures to burn down risk.
• Work closely with Procurement, Legal, and Technology teams to assess and manage third-party data protection risks.
• Develop and maintain technology governance frameworks within both IT and OT environments and ensuring alignment with organizational goals.

Core Competencies to be Successful:

Agile

Change Agent

Positive Attitude

Follow Through and Accountability

Innovative

Collaborate and Be Inclusive

Build Productive Working Relationships

Communicate Effectively

Ability to influence people and events without having direct control

Gaining Commitment

Detailed Documentation

Develop Self and Others

Drive Results

In-Depth Planning

Decision Making

Provide leadership

Qualifications:

• Bachelor’s degree in Privacy, Data Privacy, Data Protection, Information Security, Risk Management, or equivalent experience
• 6-10 years of experience in Privacy or Data Security, with a focus on information security governance principles.
• Experience or advanced knowledge of privacy regulations and standards (e.g., GDPR, CCPA, ISO 27701) and IT/OT security frameworks/standards (e.g., CIS, NIST CSF, NIST 800-53, PCI DSS, SOX, IEC 62443)
• CIPP or CIPM certification preferred.
• Proven ability to align privacy requirements with technical and organizational objectives.
• Experience administering and optimizing privacy management tools like OneTrust.
• Strong understanding of technical and operational risks associated with privacy.
• Excellent communication skills to convey privacy concepts to diverse audiences.
• Experience or advanced knowledge of data governance and data protection best practices, such as data classification, encryption, transfer, loss prevention and retention themes.
• The ability to communicate complex technical risks to non-technical stakeholders to ensure a common understanding and alignment of priorities based on risk
• Strong verbal and written communication skills and the ability to influence significant change

ADA Physical/Mental/Workplace Requirements:

• Occasional lifting up to 40lbs
• Sitting, working at desk/personal computer for extended periods of time
• Primary work environment is professional corporate office

Location

Rochester, New York

Additional Locations

Chicago, Illinois, Virtual - US

Job Type

Full time

Job Area

Information Technology

The salary range for this role is:

$96,500.00 - $205,500.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting.  Our compensation is based on cost of labor. For remote locations or positions open to multiple locations, the pay range may reflect several US geographic markets, including the lowest geographic market minimum to the highest geographic market maximum. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs.  At Constellation Brands, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).

Not sure you meet all qualifications? Research shows that women and members of other under-represented groups tend to not apply to jobs when they think they may not meet every qualification, when, in fact, they often do! We are committed to creating a diverse and inclusive environment and strongly encourage you to apply.