IT Compliance Manager

Job Description

Posted on: May 11, 2022

Curaleaf Holdings, Inc. (CSE: CURA) (OTCQX: CURLF) ("Curaleaf") is a leading international provider of consumer products in cannabis, with a mission to improve lives by providing clarity around cannabis and confidence around consumption. As a high-growth cannabis company known for quality, expertise, and reliability, the company and its brands, including Curaleaf and Select, provide industry-leading service, product selection, and accessibility across the medical and adult-use markets. In the United States, Curaleaf currently operates in 23 states with 123 dispensaries, 25 cultivation sites, and over 30 processing sites, and employs over 5,000 team members. Curaleaf International is the leading vertically integrated cannabis company in Europe with a unique supply and distribution network throughout the European market, bringing together pioneering science and research with cutting-edge cultivation, extraction, and production.

We believe in taking corporate and social responsibility very seriously, from our educational outreach to national partnerships, state-wide initiatives and local causes. Giving back to the communities where we operate is important to us, and helps to change old attitudes by showing the positive impact of cannabis in creating jobs, changing lives, and helping local communities.

We educate. We advocate. We give.

Curaleaf is seeking interested and qualified applicants for an IT Compliance Manager to be part of the Information Security team. This position is responsible for leading the effort to interpret compliance regulations such as SOX, HIPAA, GDPR, CCPA and CPRA into actionable IT controls, with corresponding processes, policies and oversight. This position will manage the SOX ITGC controls and work with the internal and external auditors and process owners to organize the audits, controls and testing, and to manage findings and gap remediations. This position is responsible for creating and updating the related policies and SOPs.

To be considered for this position, interested applicants must pass an extensive background check and be comfortable working within the cannabis industry. Position is Remote with minor travel for occasional training or meetings. 

Essential Duties and Responsibilities 

•  Interprets and develops controls, policies and SOPs to support compliance with various regulatory requirements, including HIPAA, SOX, CCPA and GDPR.

•  Provide guidance on applications, both internally developed and purchased, to ensure they meet compliance controls

•  Develop and perform training on compliance controls

•  Monitors, researches, analyzes, and interprets federal and state regulations to determine applicability and risks to IT operations.

•  Gather and review SOC II reports

•  Regularly audit and assess efficiency of controls and recommend effective improvements

•  Conducts security audits to ensure that Curaleaf information resources follow company policies and guidelines, and local, state, and federal regulations.

•  Works with internal and external audit, business process and IT owners on policies, processes and support of controls.

•  Represent IT with the internal and external auditors for the SOX audits.

•  Light project management, as required, for Information Security projects.

•  Other duties as required and assigned.


•  Good working knowledge of Information Security frameworks (NIST 800-53, COBIT, CIS, HITRUST, etc.)

•  Good working knowledge of regulatory compliance frameworks (HIPAA, SOX, CCPA, etc.)

•  Experience with configuring privacy and compliance software

•  Experience in a cloud-only environment, preferably Azure Cloud.

•  Solid working knowledge of internal and external audit practices

•  Technical support processes and protocol.

Must Have Skills

•  Excellent verbal, written, and interpersonal communication skills, including explaining technical concepts in non-technical terms.

•  Effectively using organizational and planning skills with attention to detail and follow-through.

•  Tracking, troubleshooting, and resolving user problems.

•  Efficiently meeting deadlines, schedules, and target dates.

•  Maintaining confidentiality of work-related information and materials.

•  Establishing and maintaining effective working relationships.

Nice to Have Skills

Experience in multiple Information Security disciplines/domains.

Required Work Experience and Education

•  Minimum of 5 years working experience in Information Technology audit or Information Security field.

•  CISA certification required.

•  Security Certification highly desirable (Security+, ITIL, GCLD, CIPM, or any one Microsoft Cloud Security).

Curaleaf is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

