CLEARs mission is to strengthen security & create frictionless experiences. We believe you are you & by using your biometrics your eyes, face, & fingerprints we keep you moving. Imagine a world where you can do virtually everything you need to breeze through the airport, buy a beer at the game, check-in at the doctors office, access your office building, & more without ever pulling out your wallet. CLEAR is currently available in 50+ airports, stadiums & venues nationwide. Now with Health Pass, CLEAR securely connects a persons digital identity to multiple layers of COVID-related insights to help reduce public health risk & restore peace of mind.
Were defining & leading an entirely new industry, obsessing over our customers, & investing in great people to lead the way. Recently named on CNBCs Disruptor 50 List for the second year in a row & winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses & our 5+ million members to help create a safer environment no matter where you go.
Our VP of Cyber Security will lead & manage a growing team taking our security engineering & operations strategy, technology, controls, processes, to the next level. Reporting to the CTO & charged with building teams focused on creating a world class & progressive Cyber Security practice & culture. They will lead top Cyber Security talent & provide innovative solutions with a fine balance between cost & risk. This role will constantly balance the need for high levels of security with low friction product design. A successful candidate for this role will have the ability to make strong technical decisions backed with data.
What You Will Do:
- Define technical standards, security tooling, & infrastructure to support key security programs: Product & Application Security, Infrastructure & Cloud Security, Vulnerability Management, Secure Development Lifecycle, Identity & Access Management, Threat Intelligence, Threat Hunting, Insider Threat, & Incident Detection & Response Engineering, & Risk Assessment.
- Staff key roles on the team, manage, coach, & maintain effective performance levels of all direct & indirect reports; total team size of 17. Plan & track continued team growth & career development.
- Assess development & operations of AWS/cloud native & Kubernetes based environments to identify risks & gaps related to information security, including potential data breach risks. Define security guardrails & implement both detective & preventive controls for deviations.
- Define, champion, & execute the overall Cyber Security strategy, road map & governance structure with buy-in from operational & business stakeholders. Work to build out robust & mature Cyber Security capabilities & measures of performance.
- Communicate security risks to management to ensure proper awareness & decision making. Understand business processes & system requirements & the associated risk in those processes.
- Build out embedded security services, business processes, & technologies to enable lightweight but high impact security value streams (e.g. Secure Design Reviews, Threat Modeling, Production Readiness testing, Security Control Verification, & many more).
- Help the business achieve & maintain FISMA High (NIST 800-53v4 High), PCI, & HIPAA compliance.
- Aid in security incident response planning & participate in the investigation of security incidents. Work to automate the detection & response of new/recurring threat activity.
- Manage & mature the organization's critical vendor security controls & relationships.
Who You Are:
- Minimum of 10 years in information security with 5 years focused in Security Engineering and/or Operations in a Cloud based environment.
- Minimum of 6 years of managing a technical security team.
- Experience with agile frameworks preferred.
- Strong Experience or knowledge with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud) as well as protecting various cloud SaaS solutions.
- Strong working knowledge of building security security engineering focus programs & teams.
- Demonstrates excellent understanding of technology infrastructures using Firewalls, VPN, Data Loss Prevention, IDS/IPS, operating systems hardening, web-proxy & security audits.
- Has managed a team of at least 10 & managed managers.
- Experience designing secure networks, systems & application architectures, including cloud security solutions.
- Ability to build strong relationships & work cross functionally with internal & external constituents.
- Strong time management, organization & prioritization skills; ability to complete multiple concurrent tasks within close deadlines with a high degree of accuracy & detail.
- Ability to listen for nuances, dig into details in order to understand systems deeply, & articulate technical details & risks to business leaders.
- Excellent communication & organizational skills along with the ability to deliver along strict (and often time sensitive) guidelines.
- Familiarity with one or more industry standards & regulations such as PCI, NIST 800-53, FedRAMP & ISO27001.
- Comprehension of RESTful APIs, HTTP, & web APIs.
- Experience or knowledge with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud).
- Strong experience with Platform as a Service providers.
- Some programming & scripting experience in C#, C++. Java, Python, BASH, Go, or something similar.
- Bachelor's degree or higher in Computer Science.