Events  Classes  Deals  Jobs 
    Sign in  
CLEAR // biometric identity platform
New York City, United States    Posted: Friday, October 16, 2020
Apply To Job

CLEARs mission is to strengthen security & create frictionless experiences. We believe you are you & by using your biometrics your eyes, face, & fingerprints we keep you moving.  Imagine a world where you can do virtually everything you need to breeze through the airport, buy a beer at the game, check-in at the doctors office, access your office building, & more without ever pulling out your wallet. CLEAR is currently available in 50+ airports, stadiums & venues nationwide. Now with Health Pass, CLEAR securely connects a persons digital identity to multiple layers of COVID-related insights to help reduce public health risk & restore peace of mind.

Were defining & leading an entirely new industry, obsessing over our customers, & investing in great people to lead the way. Recently named on CNBCs Disruptor 50 List for the second year in a row & winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses & our 5+ million members to help create a safer environment no matter where you go.

CLEAR is seeking a Director of Technology Assurance & Compliance. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, & the desire to implement best-in-class security measures using cutting edge technology. This individual will work in CLEARs GRC team, partnering heavily with Infrastructure, DevOps, & Security Engineering teams in a cloud-native environment. Technology Assurance & Compliance will focus on interfacing with key external regulators & business partners (audit response, contract review, etc.), managing internal regulatory standard compliance efforts, & working with teams to brainstorm compliant solutions & remediate any outstanding compliance issues. This individual will have solid experience in cyber & IT regulatory compliance (FISMA, NIST 800-53, PCI-DSS, HIPAA, etc.), demonstrated success in working with Federal agencies & governing bodies, responding to IT or security audits & compliance attestations, & performing information assurance & compliance assessments.

What You Will Do:

  • Maintain security & establish functional requirements for security measures.
  • Coordinate with business area managers & professional staff to ensure information system security compliance. 
  • Be the focal point for interactions with Federal agency regulators & auditors
  • Work with CLEARs various Government programs & security staff to complete required Systems Security Plans (SSPs).
  • Define, create & maintain the documentation for certification & accreditation of each information system in accordance with government & regulatory requirements. 
  • Assess the compliance impacts of system modifications & technological advances. 
  • Review systems in order to identify potential security weaknesses & recommend improvements to amend vulnerabilities
  • Be responsible for authentication of hardening hardware & software systems against external or internal threats.
  • Assess remediations, changes, upgrades & documentation revisions for alignment with CLEARs business critical security frameworks
  • Lead security control assessments & audits
  • Recommend changes to information security policies
  • Monitor & review updates to regulations, frameworks & contracts. (NIST 800-53, PCI-DSS, HIPAA)
  • Communicate updates to technology & business owners
  • Document changes to policy; such as new & enhanced controls
  • Provide tracking procedures to support policies are developed & maintained by technical & business owners
  • Respond to business partner security inquiries & audits & ensure that any findings are remediated in a timely fashion
  • Participate in the selection of information security solutions
  • Respond to inquiries from staff, administrators, service providers, site personnel & outside vendors, to provide technical assistance & support

Who You Are:

  • 7+ years of information systems security or related auditing experience
  • Experience with information systems security standards & practices (NIST 800-53, PCI-DSS, HIPAA, etc.)
  • Familiar with Federal ATO process & able to produce appropriate documentation & evidence (CDRs, SSPs, etc.)
  • Able to balance business priorities/initiatives with sound risk management
  • Familiar with risk management processes (e.g., methods for assessing & mitigating risk)
  • Expertise with cybersecurity & privacy principles & controls used to manage risks related to the use, processing, storage, & transmission of information or data
  • Conversant with system & application security risks, threats & vulnerabilities
  • Familiar with network security architecture concepts: including topology, protocols, components, & principles (e.g., application of defense-in-depth)
  • Understand technology, management, & leadership issues related to organization processes & problem solving
  • Understand advanced concepts & issues related to cyber security & its organizational impact
  • Because of the constant developing nature of information systems & cyber attacks, you must be committed to continuous learning & system knowledge.
  • Working knowledge of cloud, container, & network security
  • Excellent oral & written communication skills in both a technical & non-technical environment
  • Highly analytical & effectively able to troubleshoot & prioritize needs, requirements & other issues
  • Strong problem-solving skills, detail orientation, follow-through capabilities & escalation of key issues
  • Ability to work with diverse personalities within various levels of the organization
  • Ability to manage multiple issues at one time
  • Strong ability to analyze, consolidate & communicate complex technical topics to all levels of staff including but not limited to IT executives, business/technical managers, developers & system administrators in verbal & written form
  • Ability to independently organize, prioritize & follow-up on tasks in a high-pressure environment
  • Can work effectively in a dynamic environment where shifting priorities frequently alter work plans
  • Established security certifications such as CISSP, CRISC, etc. preferred
Apply To Job
© 2020 GarysGuide      About    Feedback    Press    Terms