Facebook pixel

Auditor – Information Security
Confirmed live in the last 24 hours
Experience Level
Desired Skills
  • , Cresco's national dispensary brand is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry's first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry
  • Bachelor's degree in MIS, Computer Science, Cybersecurity, or other relevant fields with a minimum of 2 years of IT Audit experience
  • Big 4 experience (preferred)
  • Manufacturing, Retail, CPG or adjacent industry experience preferred
  • Excellent communicator with the ability to conduct walkthroughs with control owners and present findings to management
  • Strong understanding of IT processes and controls, such as logical access, change management, computer operations, and system development life cycle controls
  • Strong organizational skills and attention to detail
  • Experience with process flow charts, controls mapping, and sample testing
  • Demonstrate good initiative and ability to work independently
  • Capable of working in a deadline driven environment and easily adaptable
  • Must be ethically strong, with high levels of integrity and adherence to regulations, controls, and compliance
  • CISA (Certified Information Systems Auditor) certification (preferred)
  • Experience with Hyperproof, risk and compliance solution (preferred)
  • Experience auditing other security frameworks (HIPAA, SOC 2, CCPA, NIST, ISO27001) preferred
  • Must be 21 years of age or older to apply
  • Must comply with all legal or company regulations for working in the industry
  • Lead IT control portion of SOX (Sarbanes-Oxley) 404 audit including ITGCs (IT General Controls), ITACs (IT Application Controls), and IPEs (Information Produced by the Entity)
  • Organize and lead IT walkthrough meetings with control owners
  • Collaborate with individuals in HR, Finance, Accounting, and Technology to gather control evidence
  • Work closely with external auditors to address document requests and follow-up questions
  • Evaluate design and operating effectiveness of controls through testing and document test workpapers to provide to auditors
  • Develop impact assessment and remediation plans for deficiencies identified
  • Communicate deficiencies and remediation plans to control owners
  • Kick off the quarterly user access review for in-scope audit applications and ensures critical financial roles and privileged access roles are reviewed with an appropriate level of precision
  • Present audit findings and recommendations to upper management
  • Conduct pre-implementation and post-implementation system reviews for SOX ITGC compliance and SDLC (system development lifecycle) controls
Cresco Labs

1,001-5,000 employees

Cannabis and medical marijuana
Company Overview
Cresco Labs is on a mission to normalize, professionalize and revolutionize cannabis.