Information Security Auditor - Cresco Labs Chicago, Illinois, United States Bookmark Share Print 226 0 0

Listing Description


Recently named one of Entrepreneur magazine’s Top 100 Cannabis Leaders, Cresco Labs is one of the largest vertically-integrated multi-state cannabis operators in the United States. Cresco is built to become the most important company in the cannabis industry by combining the most strategic geographic footprint with one of the leading distribution platforms in North America. Employing a consumer-packaged goods (“CPG”) approach to cannabis, Cresco’s house of brands is designed to meet the needs of all consumer segments and includes some of the most recognized and trusted national brands including Cresco, Remedi and Mindy’s, a line of edibles created by James Beard Award-winning chef Mindy Segal. Sunnyside*, Cresco’s national dispensary brand is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry’s first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry. 


At Cresco, we aim to lead the nation’s cannabis industry with a focus on regulatory compliance, product consistency, and customer satisfaction. Our operations bring legitimacy to the cannabis industry by acting with the highest level of integrity, strictly adhering to regulations, and promoting the clinical efficacy of cannabis. As Cresco grows, we will operate with the same level of professionalism and precision in each new market we move in to.


Cresco Labs is seeking an experienced IT Auditor to join the company’s Information Security team, to provide independent and objective assurance and consulting services in evaluating and improving the design and effectiveness of the company’s IT governance, risk management, and controls. The ideal candidate will have a strong desire to grow with the company in a unique industry with high growing potential.


  • Lead IT control portion of SOX (Sarbanes-Oxley) 404 audit including ITGCs (IT General Controls), ITACs (IT Application Controls), and IPEs (Information Produced by the Entity)

  • Organize and lead IT walkthrough meetings with control owners

  • Collaborate with individuals in HR, Finance, Accounting, and Technology to gather control evidence

  • Work closely with external auditors to address document requests and follow-up questions

  • Evaluate design and operating effectiveness of controls through testing and document test workpapers to provide to auditors

  • Develop impact assessment and remediation plans for deficiencies identified

  • Communicate deficiencies and remediation plans to control owners

  • Kick off the quarterly user access review for in-scope audit applications and ensures critical financial roles and privileged access roles are reviewed with an appropriate level of precision

  • Present audit findings and recommendations to upper management

  • Conduct pre-implementation and post-implementation system reviews for SOX ITGC compliance and SDLC (system development lifecycle) controls


  • Bachelor’s degree in MIS, Computer Science, Cybersecurity, or other relevant fields with a minimum of 2 years of IT Audit experience

  • Big 4 experience (preferred)

  • Manufacturing, Retail, CPG or adjacent industry experience preferred

  • Excellent communicator with the ability to conduct walkthroughs with control owners and present findings to management

  • Strong understanding of IT processes and controls, such as logical access, change management, computer operations, and system development life cycle controls

  • Strong organizational skills and attention to detail

  • Experience with process flow charts, controls mapping, and sample testing

  • Demonstrate good initiative and ability to work independently

  • Capable of working in a deadline driven environment and easily adaptable

  • Must be ethically strong, with high levels of integrity and adherence to regulations, controls, and compliance.

  • CISA (Certified Information Systems Auditor) certification (preferred)

  • Experience with Hyperproof, risk and compliance solution (preferred)

  • Experience auditing other security frameworks (HIPAA, SOC 2, CCPA, NIST, ISO27001) preferred


Cresco Labs is proud to offer eligible employees a robust offering of benefits including, major medical, dental and vision insurance, a 401(K)-match program, FSA/HSA programs, LTD/STD options, life insurance and AD&D.  We also offer eligible employees paid holidays and paid time off.  Other rewards may include annual discretionary bonuses, stock options as well as participation in our employee discount program. Benefits eligibility for permanent positions may vary by full-time or part-time roles, location, or position.


  • Must be 21 years of age or older to apply

  • Must comply with all legal or company regulations for working in the industry 

Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided


  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765