Recently named one of Entrepreneur magazine’s Top 100 Cannabis Leaders, Cresco Labs is one of the largest vertically-integrated multi-state cannabis operators in the United States. Cresco is built to become the most important company in the cannabis industry by combining the most strategic geographic footprint with one of the leading distribution platforms in North America. Employing a consumer-packaged goods (“CPG”) approach to cannabis, Cresco’s house of brands is designed to meet the needs of all consumer segments and includes some of the most recognized and trusted national brands including Cresco, Remedi and Mindy’s, a line of edibles created by James Beard Award-winning chef Mindy Segal. Sunnyside*, Cresco’s national dispensary brand, is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry’s first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry.
At Cresco, we aim to lead the nation’s cannabis industry with a focus on regulatory compliance, product consistency, and customer satisfaction. Our operations bring legitimacy to the cannabis industry by acting with the highest level of integrity, strictly adhering to regulations, and promoting the clinical efficacy of cannabis. As Cresco grows, we will operate with the same level of professionalism and precision in each new market we move into.
Cresco Labs is seeking an Auditor for its IT Security Team who will lead and conduct independent audits within the IT department, third-party audits, and Information Security risk assessments across various business units. This will involve audit scoping, risk assessment and ranking, testing the effectiveness of IT controls, driving gap closures and evidence collection, and audit reporting. This role requires candidates to be detail-oriented with strong organizational and analytical skills. The ideal candidate will have the ability to handle responsibility with independence, stay organized under pressure, and negotiate and inspire effective and timely corrective actions.
CORE JOB DUTIES:
- Perform risk assessment and conduct audits in accordance with the Information Security Policy and Standards
- Collaborate with Internal Audit team to support the Internal Audit program as it relates to IT controls
- Lead enterprise Information Security Risk Assessment across business units
- Collaborate and develop remediation plans with cross functional IT organizations
- Serve as IT lead for all third party audits
- Lead IT audit projects to provide assessment and effectiveness of internal controls and processes
- Identify potential audit areas and assess the degree of inherent risk
- Prepare and review audit evidence and present audit reports to key stakeholders
- Support major IT projects and initiatives by assessing internal controls and security of systems during the development phase
- Drive audit gap closures and remediation efforts
REQUIRED EXPERIENCE, EDUCATION AND SKILLS:
- Bachelor’s degree in Accounting, Finance, Computer Science or other relevant fields with 3-5 years of audit experience, primarily in the IT area.
- Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) is preferred.
- Intermediate knowledge of cloud (AWS & Azure) systems and design, error detection/resolution techniques, quality assurance techniques, and IT implementation and management methodologies.
- Knowledge of Control Objectives for Information and Related Technology and Standards for the Professional Practice of Internal Auditing.
- A sound understanding of Sarbanes-Oxley Section 404 and its general compliance requirements related to information technology.
- Knowledge of Payment Card Industry Data Security Standard (PCI DSS) and an understanding of the general compliance requirements
- Demonstrated understanding of SOC 1 and SOC 2 reports
- Proficient in MS Office applications
- Experience with enterprise risk assessment frameworks and standards
- Strong organizational skills and ability to successfully manage multiple projects simultaneously
- Exceptional oral and written communication skills suitable for all levels of management
- An eagerness to be helpful and share knowledge
- Experience with fraud investigation including interviewing and research
- Experience with mergers and acquisitions as they pertain to due diligence and system integration
- Experience/working knowledge of industry-recognized security tools
- Must be 21 years of age or older to apply
- Must comply with all legal or company regulations for working in the industry
Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.