IT Audit Analyst (GRC)

Cresco Labs•Chicago, IL

About The Position

The IT GRC Analyst reports to the Director of IT Governance, Risk & Compliance (GRC) and supports day-to-day IT audit and compliance activities to help ensure systems and processes are working as expected. This role supports IT audit activities by pulling, validating, and reviewing system-generated data, while partnering with teams across the business to gather supporting documentation. In this role, the Analyst helps maintain key IT General Controls (ITGCs), with a focus on Logical Access (user access controls) and Change Management (how system changes are approved and tracked). The position also contributes to remediation efforts and helps keep the organization audit-ready. This role is well-suited for someone who enjoys working with data, staying organized, and improving processes. The position involves reviewing system data, identifying inconsistencies, and supporting teams in resolving issues. The ideal candidate is detail-oriented, collaborative, and eager to learn, with an interest in using technology to investigate and analyze data to support audit and compliance activities. Success in this role means maintaining accurate audit data, ensuring effective control operations, and supporting the Director in maintaining an audit-ready environment.

Requirements

Experience supporting ITGC, SOX, or similar control frameworks preferred
Strong Excel skills with the ability to analyze and work with data
High attention to detail with strong organizational skills
Clear communication skills and ability to work with cross-functional teams
Interest in automation, process improvement, and workflow optimization
Must be 21 years of age or older to apply
Must comply with all legal or company regulations for working in the industry
Applicants must be legally authorized to work in the United States on a permanent basis without the need for current or future sponsorship at any time.

Responsibilities

Export, validate, and document system data for monthly Logical Access and Change Management reviews
Maintain audit documentation and control evidence for consistent tracking and review
Own the collection and management of audit data (Information Provided by Entity – IPE) across systems, partnering with system owners
Use tools such as Excel, AuditBoard, and FreshService to track audit activities, manage workflows, and validate data
Analyze system data to identify issues, investigate anomalies, and escalate findings
Prepare Logical Access review files (user access and role changes) as part of a repeatable, monthly review process
Monitor and review internal Change Management processes to ensure changes are properly approved and documented
Support SOX (404b) testing and ongoing audit requirements
Identify opportunities to improve and simplify audit and control processes