VP, Information Security
This job is no longer accepting applications.
Curaleaf Holdings, Inc. (CSE: CURA) (OTCQX: CURLF) (Curaleaf) is a leading U.S. provider of consumer products in cannabis, with a mission to improve lives by providing clarity around cannabis and confidence around consumption. As a vertically integrated, high-growth cannabis operator known for quality, expertise, and reliability, the company and its brands, including Curaleaf and Select, provide industry-leading service, product selection, and accessibility across the medical and adult-use markets. Curaleaf currently operates in 23 states with 106 dispensaries, 22 cultivation sites, and over 30 processing sites, and employs over 4,600 team members across the United States.
Our corporate social responsibility is Rooted In Good: Diversity, Equity, Inclusion + Social Equity + Sustainability. We believe in taking corporate and social responsibility very seriously, from our educational outreach to national partnerships, state-wide initiatives and local causes. Giving back to the communities where we operate is important to us, and helps to change old attitudes by showing the positive impact of cannabis in creating jobs, changing lives, and helping local communities.
We educate. We advocate. We give.
The VP of Information Security is the highest-level executive dedicated to IT security, responsible for Curaleaf’s development and enforcement of information security policy and strategy. The VP oversees and directs information security programs and security efforts across the company, including information technology, personnel, communications, legal, and intellectual property, along with the design and implementation of preventative information security standards, procedures, and programs as well as compliance regulations. They direct the investigation of security breaches and disciplinary actions related to internet and computer crimes, fraud, product tampering, product diversion, and physical safety of employees and visitors.
The VP is also responsible for establishing and enforcing policies and protocols that protect the organization's digital and physical assets and leads the team of IT security professionals who investigate possible cyber-crime or data breaches and monitor information security risks.
This position can be 100% remote.
Review and approve security policies and controls, such as business continuity planning, loss prevention, identity and access management, fraud prevention, and privacy and IT support for compliance regulations such as SOX, HIPAA, GDPR and PCI.
Oversee security professionals and vendors who safeguard the company's assets, intellectual property and computer systems.
Works closely with Legal, Compliance, HR and IT peers on the strategy and execution of security direction.
Identify protection goals, objectives and metrics consistent with corporate strategic plan.
Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Information protection responsibilities will include network security architecture, network access and monitoring, identity and access management policies, employee education and awareness, and more.
Work with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Maintain relationships with local, state and federal law enforcement and other related government agencies.
Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
Work with outside consultants as appropriate for independent security audits.
Oversee safeguarding of intellectual property and computer systems.
Develop risk management assessments.
Identify and approve the selection and design of security systems, tools and devices.
Ensures that disaster recovery and business continuity plans are in place and tested.
Maintains and communicates the threat landscape for the industry and develops plans to address it.
Develops and provides data-driven reporting on security threats and incidents.
Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
Maintains a current understanding of security standards and regulations and ensures compliance with changing laws and applicable regulations; translates that knowledge into identification of risks and actionable plans to protect the business.
Schedules periodic security audits and penetration tests and tracks remediation of all issues identified.
Ensures that security policies and procedures are communicated to all personnel and that compliance is enforced.
Develops and oversees security training of employees.
Manages all teams, employees, contractors and vendors involved in security.
Provides training and mentoring to security team members
Briefs the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
Communicates best practices and risks to all parts of the business.
10+ years of relevant work experience
Mastery level understanding of information security concepts, principles and drivers
Mastery level understanding of security, privacy, IT audit and legal security standards, guidelines and principles
Understanding of SOX, HIPAA, GDPR and PCI regulations and requirements
Experience with Cloud services
Mastery level understanding of information technology within a highly-distributed organization
Strong understanding of state of the art security technology and technical concepts
Demonstrated ability to leverage advanced knowledge of a business structure and components of a product or service to identify current state for a project or endeavor; Ability to analyze gaps caused by change initiatives and determine potential opportunities
Experience conducting and/or coordinating technical security scanning, penetration testing, social engineering testing, application security testing, mobile device security analysis, network security analysis/operations
Experience with enforcing secure coding practices, threat modeling, identity and access management, and/or security incident response/recovery
Industry-recognized information security management certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) desired.
Proficiency with common information security management frameworks
Subject to background check per state cannabis requirements
Demonstrated ability to communicate effectively with stakeholders and customers regarding technical concepts
Comprehensive understanding of strategic planning and program management
High degree of personal integrity and ethics as well as a passion for securing data systems and networks
Constantly striving for excellence using objective, transparent and agreed-upon standards
Excellent written and verbal communication and presentation skills for leadership, technical and business audiences
Exhibits strong leadership and management skills, business acumen, and the ability to build relationships to influence and drive change
Prior knowledge and/or experience with budget management
Superior analytical/problem solving ability; Superior critical thinking skills
Strong ability to communicate across all levels of the organization
Ability to work under constantly changing conditions and tight deadlines
Ability to manage multiple goals and deadlines
Ability to travel as needed (estimated at 10%-15%)
Curaleaf is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.