Application Security & Authorizations Manager

Job Description

Company Summary

We’re the producers, creators and marketers of beer, wine and spirits brands that people love. At Constellation Brands, we’re driven to push boundaries and think beyond today to deliver products and experiences that resonate now, tomorrow and well into the future. Because of this approach, we’re the fastest-growing large CPG company in the U.S. at retail, with operations in the U.S., Mexico, New Zealand and Italy. Our premium portfolio of iconic brands like Corona Extra, Modelo Especial, Kim Crawford, Robert Mondavi, The Prisoner, High West Whiskey, and more drive industry-leading growth for us today. But we’re just getting started. Our ability to stay on the forefront of consumer trends has fueled our success since our founding in 1945 and will guide us in creating the next generation of products and experiences Worth Reaching For.

Position Summary

The Application Security and Authorization Manager is responsible for overseeing the security of enterprise applications and access management across the enterprise. This role ensures that business applications used by Constellation Brands are protected against threats and access to them is managed according to firm policy, industry best practices, and compliance requirements.

This role will oversee regular application security assessments, identity and access management (IAM), and authorization frameworks. This role will require collaborate with applications owners; enterprise architects; and infrastructure, security, and compliance teams to ensure strong digital protections and threat mitigation around enterprise applications. They will be responsible for ensuring that security measures will meet firm standards and relevant regulations.

The ideal candidate is a technically capable, process-driven, collaborative leader with strong expertise in application security, IAM, and regulatory compliance. They possess excellent organizational skills, a strategic mindset, and an ability to work across teams to ensure effective responses to any potential threats to enterprise applications. Success in this role requires a commitment to governance, continuous improvement, and enabling business agility.

Key Responsibilities

• Policy & Compliance Management: Develop, implement, and enforce robust application security policies, standards, and procedures. Ensure continuous compliance with internal controls and external regulations such as SOX, GDPR, etc..
• Role-Based Access Control (RBAC) & SoD: Design, manage, and maintain effective Role-Based Access Controls (RBAC) and Segregation of Duties (SoD) frameworks to prevent conflicts of interest and unauthorized access across all systems.
• SAP Security Expertise: Oversee all aspects of SAP security, including role design, user administration in various SAP systems (S/4HANA, Fiori, TM, BTP), and management of SAP GRC (Governance, Risk, and Compliance) solutions for automated risk analysis and reporting.
• Enterprise Systems Oversight: Manage core non-SAP platforms Integrations with IAM (e.g., Azure AD or Entra, Okta, SailPoint and any application specific tooling), ensuring seamless user lifecycle management (joiners, movers, leavers) and integration with various cloud based SAAS services and systems.
• Operational Excellence & Process Improvement: Champion the continuous improvement of security operations by optimizing existing processes, standardizing procedures, leveraging automation technologies, and reducing manual effort within the security and provisioning lifecycles.
• Access Monitoring & Incident Response: Monitor system access logs, review exception reports, and investigate potential authorization misuse or breaches. Lead rapid response efforts to contain, analyze, and remediate application security incidents specifically related to user roles, permissions, and compromised credentials.
• Auditing & Reporting: Coordinate internal and external audits by providing documentation and evidence of access controls. Oversee and execute the quarterly User Access Review (UAR) process, ensuring timely completion, documentation of evidence, and remediation of discrepancies. Report on security metrics and compliance status to senior management.
• Team Leadership & Collaboration: Lead, mentor, and train a team of security analysts and collaborate effectively with IT and business stakeholders and product Teams to ensure application security requirements are met across all projects and operations.

Minimum qualifications:

• Bachelor’s degree in Information Technology, Business Systems, or related field.
• 8+ years of experience in Application Security, Identity and Access Management, IT Security Operations.
• Proven experience managing application security programs and IAM in enterprise environments.
• Strong understanding of security frameworks and tools (e.g., SSO, MFA, OAuth, SAML).
• Excellent communication and stakeholder engagement skills.

Preferred Qualifications:

• Certifications such as CISSP, CISM, or relevant security/IAM platforms.
• Experience with automation and integration of security and access management tools.
• Background in consumer goods or similar industries.
• Familiarity with audit, compliance, and regulatory processes (e.g., SOX, GDPR, ISO 27001).

ADA Physical/Mental/Workplace Requirements

• Ability to travel domestically and internationally

Location

Rochester, New York

Additional Locations

Canandaigua, New York, Chicago, Illinois, San Antonio, Texas

Job Type

Full time

Job Area

Information Technology

The salary range for this role is:

$114,300.00 - $207,800.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting.  Our compensation is based on cost of labor. For remote locations or positions open to multiple locations, the pay range may reflect several US geographic markets, including the lowest geographic market minimum to the highest geographic market maximum. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs.  At Constellation Brands, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Equal Opportunity

Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).