Founded in 2010, CLEAR's mission is to create frictionless experiences. With 12+ million members & hundreds of partners across the world, CLEAR's identity platform is transforming the way people live, work, & travel. Whether it's at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - making everyday experiences easier, more secure, & more seamless. Since day one, CLEAR has been committed to privacy done right.
CLEAR is seeking a Security Risk Analyst. The right person for this role has a strong drive to identify, assess, & mitigate information security risks, solve security challenges within a rapidly evolving landscape, & implement best-in-class security measures while also achieving business objectives. This individual will work in the Cyber Risk Management team & partner heavily with all business & technology teams, as well as collaborate closely with other CLEAR Security teams (e.g., Architecture, Engineering, Operations, Brand Protection, Business Continuity, Compliance, etc.). This individual will have solid experience in security & IT regulatory compliance (FISMA, NIST 800-53, PCI-DSS, HIPAA, etc.), demonstrated success in working with Federal agencies & governing bodies, responding to IT or security audits & compliance attestations, & performing information assurance & compliance assessments.
What You Will Do:
- Coordinate with business managers & professional staff to ensure information system security compliance
- Be the focal point for interactions with regulators & external auditors
- Update & maintain the documentation for certification & accreditation of each information system in accordance with governmental & regulatory requirements
- Assess the compliance impacts of system modifications & technological advances
- Keep aware of changes to regulatory requirements & industry best practices to recommend updates to information security policies
- Assess remediations, changes, upgrades & documentation revisions for alignment with CLEAR's business-critical security frameworks
- Monitor & review updates to regulations, frameworks & contracts (NIST 800-53, PCI-DSS, HIPAA, SOC 2, ISO 27001, etc.)
- Communicate updates to technology & business owners
- Document changes to policy & procedures, such as new & enhanced controls
- Respond to business partner security inquiries & audits & ensure that any findings are remediated in a timely fashion
- Respond to inquiries from staff, administrators, service providers, site personnel & outside vendors, to provide technical assistance & support
- Participate in & lead internal-facing security control assessments & audits
- Develop, maintain, & communicate effective management & executive-level risk metrics & insights
- Ensure continued awareness of & compliance with security risk management processes across CLEAR
- Collaborate with Security Architecture, Product Security, Compliance, Finance, Legal, & other stakeholders to ensure the timely identification & implementation of adequate security controls & other risk mitigations
- Contribute to the continuous evolution & improvement of the Security Risk & Assurance team & adjacent functions (e.g., tooling, continuous monitoring, automation, etc.)
Who You Are:
- 3+ years of information security or technical IT auditing experience
- Experience with information systems security standards & practices (NIST 800-53, PCI-DSS, HIPAA, SOC 2, ISO 27001, etc.)
- Expertise with cybersecurity & privacy principles & controls used to manage risks related to the use, processing, storage, & transmission of information or data
- Familiar with application, infrastructure, & data security risks, threats, & vulnerabilities
- Familiar with network security architecture concepts, including topology, protocols, components, & principles (e.g., defense-in-depth strategies)
- Ability to effectively communicate with both technical & non-technical audiences
- Comfortable working independently across verticals & organizational hierarchies
- Strong attention to detail, follow-through capabilities, & escalation of key issues
- Ability to manage multiple issues at one time
- Ability to follow documented operational procedures & independently organize, prioritize, & follow-up on tasks in a high-pressure environment
- CISSP, CRISC, CISA, or related certifications preferred