Senior Manager
Information Security
Posted on 3/9/2023
INACTIVE
Cresco Labs

1,001-5,000 employees

Cannabis and medical marijuana
Company Overview
Cresco Labs is on a mission to normalize, professionalize and revolutionize cannabis.
Consumer Goods

Company Stage

N/A

Total Funding

$367M

Founded

2013

Headquarters

Chicago, Illinois

Growth & Insights
Headcount

6 month growth

-4%

1 year growth

-10%

2 year growth

3%
Locations
Remote
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Microsoft Azure
Management
AWS
Requirements
  • , Cresco's national dispensary brand is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry's first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry
  • 10+ years of relevant technical and business experience in information security with a focus on Threat and Vulnerability management
  • Bachelors Degree in relevant field preferred
  • Leadership experience in managing cross-functional teams and influencing senior-level management and key stakeholders required
  • Demonstrated ability to implement Security technologies on time and within a required budget
  • Deep and fundamental knowledge of security best practices and industry standards from a business, technical, and operational perspective
  • Ability to be visionary, strategic, and tactical
  • Ability to execute with a sense of urgency
  • Previous security and/or compliance leadership experience in healthcare or retail industries preferred
  • Knowledge of current and emerging security standards, privacy regulations, and security requirements
  • A firm understanding of Security offerings within Amazon Web Services (AWS) and Microsoft Azure
  • Experience with the following security tools is preferred: Cisco Umbrella, Cisco Meraki, Proofpoint, TrendMicro, Azure Sentinel, Jamf, and Microsoft Intune
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Intrusion Analyst (CIA) preferred
  • Understanding of health care regulatory standards (HIPAA privacy and security rules) is preferred
  • Demonstrated knowledge of general IT controls (e.g., logical access, computer operations, and change management)
  • Must be 21 years of age or older to apply
  • Must comply with all legal or company regulations for working in the industry
Responsibilities
  • Lead and manage the Information Security function, including projects related to Identity and Access Management (IAM), Vulnerability and Threat Management, Security Awareness, Operational Security, Third-Party Risk Management, and Governance, Risk, & Compliance (GRC)
  • Perform analysis and prepare the technology department for emerging threats
  • Identify and drive remediation of vulnerabilities identified from risk assessments and penetration tests
  • Lead technology teams to define resolutions for corrective actions and work with engineering teams to develop corrective action plans
  • Proactively respond to security incidents and lead the incident response plan to ensure timely investigation, including containment, eradication, recovery, and lessons learned
  • Lead monitoring activities in SIEM tool by developing action plans to alerts and ensuring that critical and high alerts are addressed timely
  • Present to committees and upper leadership on Information Security Key Performance Indicators (KPIs), annual operating plans, security risks, and goals
  • Develop cost-effective strategies for protecting confidential data through the use of information security techniques and technologies, including but not limited to encryption, access control, secure coding, application firewalls, network security zones, content monitoring and filtering, and data leakage tools
  • Develop critical security tools portfolio, including Security Information and Event Management (SIEM), Identity and Access Management (IAM), DNS-layer Security, Endpoint Protection & Response (EDR), and Data Loss Prevention (DLP)
  • Design security architecture for cloud-based systems and implement solutions that align with cloud security best practices
  • Provides guidance to business and technical partners on secure cloud-based solution adoption that addresses security & compliance challenges
  • Lead third-party risk management activities such as performing vendor risk assessments through security questionnaires, attending security demos, and providing business partners with a thorough risk assessment
  • Work on investigations and forensic analysis activity in support of Legal, Compliance, and Corporate Investigations
  • Lead IT Governance Risk and Compliance (GRC) efforts to adhere to security & compliance frameworks such as HIPAA Security Rule, NIST, ISO27001, etc
  • Identify policy gaps and create relevant Information Security policies, standards, and procedures where needed