COMPANY OVERVIEW

Recently named one of Entrepreneur magazine’s Top 100 Cannabis Leaders, Cresco Labs is one of the largest vertically-integrated multi-state cannabis operators in the United States. Cresco is built to become the most important company in the cannabis industry by combining the most strategic geographic footprint with one of the leading distribution platforms in North America. Employing a consumer-packaged goods (“CPG”) approach to cannabis, Cresco’s house of brands is designed to meet the needs of all consumer segments and includes some of the most recognized and trusted national brands including Cresco, Remedi and Mindy’s, a line of edibles created by James Beard Award-winning chef Mindy Segal. Sunnyside*, Cresco’s national dispensary brand is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry’s first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry. 

MISSION STATEMENT

At Cresco, we aim to lead the nation’s cannabis industry with a focus on regulatory compliance, product consistency, and customer satisfaction. Our operations bring legitimacy to the cannabis industry by acting with the highest level of integrity, strictly adhering to regulations, and promoting the clinical efficacy of cannabis. As Cresco grows, we will operate with the same level of professionalism and precision in each new market we move in to.

JOB SUMMARY

Cresco Labs is seeking an experienced IT Auditor to join the company’s Information Security team, to provide independent and objective assurance and consulting services in evaluating and improving the design and effectiveness of the company’s IT governance, risk management, and controls. The ideal candidate will have a strong desire to grow with the company in a unique industry with high growing potential.

CORE JOB DUTIES 

• Lead IT control portion of SOX (Sarbanes-Oxley) 404 audit including ITGCs (IT General Controls), ITACs (IT Application Controls), and IPEs (Information Produced by the Entity)
• Organize and lead IT walkthrough meetings with control owners
• Collaborate with individuals in HR, Finance, Accounting, and Technology to gather control evidence
• Work closely with external auditors to address document requests and follow-up questions
• Evaluate design and operating effectiveness of controls through testing and document test workpapers to provide to auditors
• Develop impact assessment and remediation plans for deficiencies identified
• Communicate deficiencies and remediation plans to control owners
• Kick off the quarterly user access review for in-scope audit applications and ensures critical financial roles and privileged access roles are reviewed with an appropriate level of precision
• Present audit findings and recommendations to upper management
• Conduct pre-implementation and post-implementation system reviews for SOX ITGC compliance and SDLC (system development lifecycle) controls

REQUIRED EXPERIENCE, EDUCATION AND SKILLS  

• Bachelor’s degree in MIS, Computer Science, Cybersecurity, or other relevant fields with a minimum of 2 years of IT Audit experience
• Big 4 experience (preferred)
• Manufacturing, Retail, CPG or adjacent industry experience preferred
• Excellent communicator with the ability to conduct walkthroughs with control owners and present findings to management
• Strong understanding of IT processes and controls, such as logical access, change management, computer operations, and system development life cycle controls
• Strong organizational skills and attention to detail
• Experience with process flow charts, controls mapping, and sample testing
• Demonstrate good initiative and ability to work independently
• Capable of working in a deadline driven environment and easily adaptable
• Must be ethically strong, with high levels of integrity and adherence to regulations, controls, and compliance.
• CISA (Certified Information Systems Auditor) certification (preferred)
• Experience with Hyperproof, risk and compliance solution (preferred)
• Experience auditing other security frameworks (HIPAA, SOC 2, CCPA, NIST, ISO27001) preferred

BENEFITS

Cresco Labs is proud to offer eligible employees a robust offering of benefits including, major medical, dental and vision insurance, a 401(K)-match program, FSA/HSA programs, LTD/STD options, life insurance and AD&D.  We also offer eligible employees paid holidays and paid time off.  Other rewards may include annual discretionary bonuses, stock options as well as participation in our employee discount program. Benefits eligibility for permanent positions may vary by full-time or part-time roles, location, or position.

COMPENSATION 

In accordance with any local and state compensation laws, the estimated range of compensation is $85,000 - $100,000 + bonus eligible. Final offer details and future compensation may be determined by multiple factors including but not limited to, geographic location, market compensation data, skills, experience and other relevant factors. For questions about this please discuss with your recruiter during the interview process.

ADDITIONAL REQUIREMENTS

• Must be 21 years of age or older to apply
• Must comply with all legal or company regulations for working in the industry 

Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.