Recently named one of Entrepreneur magazine’s Top 100 Cannabis Leaders, Cresco Labs is one of the largest vertically-integrated multi-state cannabis operators in the United States. Cresco is built to become the most important company in the cannabis industry by combining the most strategic geographic footprint with one of the leading distribution platforms in North America. Employing a consumer-packaged goods (“CPG”) approach to cannabis, Cresco’s house of brands is designed to meet the needs of all consumer segments and includes some of the most recognized and trusted national brands including Cresco, Remedi and Mindy’s, a line of edibles created by James Beard Award-winning chef Mindy Segal. Sunnyside*, Cresco’s national dispensary brand, is a wellness-focused retailer designed to build trust, education and convenience for both existing and new cannabis consumers. Recognizing that the cannabis industry is poised to become one of the leading job creators in the country, Cresco has launched the industry’s first national comprehensive Social Equity and Educational Development (SEED) initiative designed to ensure that all members of society have the skills, knowledge and opportunity to work in and own businesses in the cannabis industry.
At Cresco, we aim to lead the nation’s cannabis industry with a focus on regulatory compliance, product consistency, and customer satisfaction. Our operations bring legitimacy to the cannabis industry by acting with the highest level of integrity, strictly adhering to regulations, and promoting the clinical efficacy of cannabis. As Cresco grows, we will operate with the same level of professionalism and precision in each new market we move into.
Cresco Labs is looking to add a Senior Manager, Information Security to our corporate team in Chicago, IL. The Senior Manager, Information Security serves as a central point of contact for the execution of the Information Security strategy and roadmap. This individual will apply management principles with a critical impact on security technologies and the organization. As a leader on the cybersecurity team, you will have many opportunities to mentor, support, and contribute to multiple teams and initiatives that affect the entire organization through the secure usage of technology, industry standards, and best practices.
CORE JOB DUTIES
- Lead and manage the Information Security function, including projects related to Identity and Access Management (IAM), Vulnerability and Threat Management, Security Awareness, Operational Security, Third-Party Risk Management, and Governance, Risk, & Compliance (GRC)
- Perform analysis and prepare the technology department for emerging threats
- Identify and drive remediation of vulnerabilities identified from risk assessments and penetration tests
- Lead technology teams to define resolutions for corrective actions and work with engineering teams to develop corrective action plans
- Proactively respond to security incidents and lead the incident response plan to ensure timely investigation, including containment, eradication, recovery, and lessons learned
- Lead monitoring activities in the SIEM tool by developing action plans for alerts and ensuring that critical and high alerts are addressed in a timely manner
- Present to committees and upper leadership on Information Security Key Performance Indicators (KPIs), annual operating plans, security risks, and goals
- Develop cost-effective strategies for protecting confidential data through the use of information security techniques and technologies, including but not limited to encryption, access control, secure coding, application firewalls, network security zones, content monitoring and filtering, and data leakage tools
- Develop critical security tools portfolio, including Security Information and Event Management (SIEM), Identity and Access Management (IAM), DNS-layer Security, Endpoint Protection & Response (EDR), and Data Loss Prevention (DLP)
- Design security architecture for cloud-based systems and implement solutions that align with cloud security best practices
- Provide guidance to business and technical partners on secure cloud-based solution adoption that addresses security & compliance challenges
- Lead third-party risk management activities such as performing vendor risk assessments through security questionnaires, attending security demos, and providing business partners with a thorough risk assessment
- Work on investigations and forensic analysis activity in support of Legal, Compliance, and Corporate Investigations
- Lead IT Governance Risk and Compliance (GRC) efforts to adhere to security & compliance frameworks such as HIPAA Security Rule, NIST, ISO27001, etc.
- Identify policy gaps and create relevant Information Security policies, standards, and procedures where needed
REQUIRED EXPERIENCE, EDUCATION AND SKILLS
- 10+ years of relevant technical and business experience in information security with a focus on Threat and Vulnerability management
- Leadership experience in managing cross-functional teams and influencing senior-level management and key stakeholders required
- Demonstrated ability to implement Security technologies on time and within a required budget
- Deep and fundamental knowledge of security best practices and industry standards from a business, technical, and operational perspective
- Ability to be visionary, strategic, and tactical
- Ability to execute with a sense of urgency
- Previous security and/or compliance leadership experience in healthcare or retail industries preferred
- Knowledge of current and emerging security standards, privacy regulations, and security requirements
- A firm understanding of Security offerings within Amazon Web Services (AWS) and Microsoft Azure
- Experience with the following security tools is preferred: Cisco Umbrella, Cisco Meraki, Proofpoint, TrendMicro, Azure Sentinel, Jamf, and Microsoft Intune
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Intrusion Analyst (CIA) preferred
- Understanding of health care regulatory standards (HIPAA privacy and security rules) is preferred
- Demonstrated knowledge of general IT controls (e.g., logical access, computer operations, and change management)
Cresco Labs is proud to offer eligible employees a robust offering of benefits, including major medical, dental and vision insurance, a 401(K)-match program, FSA/HSA programs, LTD/STD options, life insurance and AD&D. We also offer eligible employees paid holidays and paid time off. Other rewards may include annual discretionary bonuses and stock options, as well as participation in our employee discount program. Benefits eligibility for permanent positions may vary by full-time or part-time roles, location, or position.
- Must be 21 years of age or older to apply
- Must comply with all legal or company regulations for working in the industry
Cresco Labs is an Equal Opportunity Employer and all applicants will be considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.