Recently named one of Entrepreneur magazine’s Top 100 Cannabis Leaders, Cresco Labs is one of the largest vertically-integrated multi-state cannabis operators in the United States. Cresco is built to become the most important company in the cannabis industry by combining the most strategic geographic footprint with one of the leading distribution platforms in North America. Employing a consumer-packaged goods (“CPG”) approach to cannabis, Cresco’s house of brands is designed to meet the needs of all consumer segments and includes some of the most recognized and trusted national brands including Cresco, Remedi and Mindy’s, a line of edibles created by James Beard Award-winning chef Mindy Segal. Sunnyside*, Cresco’s national dispensary brand is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry’s first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry.
At Cresco, we aim to lead the nation’s cannabis industry with a focus on regulatory compliance, product consistency, and customer satisfaction. Our operations bring legitimacy to the cannabis industry by acting with the highest level of integrity, strictly adhering to regulations, and promoting the clinical efficacy of cannabis. As Cresco grows, we will operate with the same level of professionalism and precision in each new market we move in to.
Cresco Labs is seeking an IT Security Program Manager. This is a critical role that will report to and is intended to provide management support to SVP and Head of IT Security of Cresco Labs. The IT Security Program Manager will be tasked to drive security initiatives in support of the program charter, manage vendor relationships and maintain IT Security budget. The ideal candidate will be an excellent leader who understands current threat landscape, is self-driven and seasoned in delivering results in a timely manner. They will also be able to design and develop processes to drive operational efficiencies into the program.
CORE JOB DUTIES
- Closely collaborate with IT security Director and IT Security architect in implementing security framework for the enterprise
- Responsible for developing and leading program governance, and partnering with other IT Security staff members in achieving goals of Cybersecurity program
- Provide oversight on the efficacy of the budget, scope, and resources deployed across all projects that are either driven by or require involvement of IT Security
- Build strong relationships with IT leaders, vendors and business partners to assist in the deployment of the Cybersecurity program as well as governance strategy
- Accountable for negotiation and execution of key security vendor contracts and Statement of Work from planning, facilitation, delivery commitments, budget leadership and management through successful completion
- Develop, maintain, and report on key security metrics – both as a program and on an individual basis; creating metric templates and scoring models
- Identifying opportunities for improvement and then driving those improvements through the enterprise
- Develop, control and maintain the information security policy exception process, including the initial evaluation of exception requests, working with technical team members of IT Security team in defining appropriate mitigating controls and providing recommendations regarding the exception
REQUIRED EXPERIENCE, EDUCATION AND SKILLS
- Bachelor’s or Associate degree with pertinent professional education/certificates
- 5-10 years’ experience working in an Information Security or Information Technology department with 5+ years in program management capacity
- Work experience in managing Technology programs for mid to large size enterprise
- Experience working in fast paced organizations and developing strong partnership and collaborating with IT peers, legal and finance
- Highly proficient, concise and articulate verbal and written communication skills to a wide range of audiences including business partners, end-users, and technical partners
- Ability to effectively translate and present technology solutions in business or management terms
- PMP/PgMP: Project/Program Management Professional or equivalent are preferred
- ITIL: Information Technology Infrastructure Library preferred
- Experience with risk analysis to identify appropriate security countermeasures
- Experience in 3rd party relationship management
- Knowledge of security tools and technology including AWS and/or Azure Security Tools/Services
- Experience in Security Incident Response management
- Strong, organizational, analytical, and interpersonal skills
- Must be 21 years of age or older to apply
- Must comply with all legal or company regulations for working in the industry
Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.