CLEAR's mission is to strengthen security & create frictionless experiences. We believe you are you & by using your biometrics (your eyes, face, & fingerprints) we keep you moving. Imagine a world where you can do virtually everything you need (breeze through the airport, buy a beer at the game, check in at the doctor's office, access your office building, & more) without ever pulling out your wallet. CLEAR is currently available in 50+ airports, stadiums & venues nationwide. Now with Health Pass, CLEAR securely connects a person's digital identity to multiple layers of COVID-related insights to help reduce public health risk & restore peace of mind.
We're defining & leading an entirely new industry, obsessing over our customers, & investing in great people to lead the way. Recently named on CNBC's Disruptor 50 List for the second year in a row & winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses & our 5+ million members to help create a safer environment no matter where you go.
CLEAR is seeking a Director of Technology Assurance & Compliance. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, & the desire to implement best-in-class security measures using cutting edge technology. This individual will work in CLEAR's GRC team, partnering heavily with Infrastructure, DevOps, & Security Engineering teams in a cloud-native environment. Technology Assurance & Compliance will focus on interfacing with key external regulators & business partners (audit response, contract review, etc.), managing internal regulatory standard compliance efforts, & working with teams to brainstorm compliant solutions & remediate any outstanding compliance issues. This individual will have solid experience in cyber & IT regulatory compliance (FISMA, NIST 800-53, PCI-DSS, HIPAA, etc.), demonstrated success in working with Federal agencies & governing bodies, responding to IT or security audits & compliance attestations, & performing information assurance & compliance assessments.
What You Will Do:
- Maintain security & establish functional requirements for security measures.
- Coordinate with business area managers & professional staff to ensure information system security compliance.
- Be the focal point for interactions with Federal agency regulators & auditors
- Work with CLEAR's various Government programs & security staff to complete required Systems Security Plans (SSPs).
- Define, create & maintain the documentation for certification & accreditation of each information system in accordance with government & regulatory requirements.
- Assess the compliance impacts of system modifications & technological advances.
- Review systems in order to identify potential security weaknesses & recommend improvements to amend vulnerabilities
- Be responsible for authentication of hardening hardware & software systems against external or internal threats.
- Assess remediations, changes, upgrades & documentation revisions for alignment with CLEAR's business-critical security frameworks
- Lead security control assessments & audits
- Recommend changes to information security policies
- Monitor & review updates to regulations, frameworks & contracts (NIST 800-53, PCI-DSS, HIPAA)
- Communicate updates to technology & business owners
- Document changes to policy, such as new & enhanced controls
- Provide tracking procedures to ensure policies are developed & maintained by technical & business owners
- Respond to business partner security inquiries & audits & ensure that any findings are remediated in a timely fashion
- Participate in the selection of information security solutions
- Respond to inquiries from staff, administrators, service providers, site personnel & outside vendors, to provide technical assistance & support
Who You Are:
- 7+ years of information systems security or related auditing experience
- Experience with information systems security standards & practices (NIST 800-53, PCI-DSS, HIPAA, etc.)
- Familiar with Federal ATO process & able to produce appropriate documentation & evidence (CDRs, SSPs, etc.)
- Able to balance business priorities/initiatives with sound risk management
- Familiar with risk management processes (e.g., methods for assessing & mitigating risk)
- Expertise with cybersecurity & privacy principles & controls used to manage risks related to the use, processing, storage, & transmission of information or data
- Conversant with system & application security risks, threats & vulnerabilities
- Familiar with network security architecture concepts, including topology, protocols, components, & principles (e.g., application of defense-in-depth)
- Understand technology, management, & leadership issues related to organization processes & problem solving
- Understand advanced concepts & issues related to cyber security & its organizational impact
- Because of the constantly developing nature of information systems & cyber attacks, you must be committed to continuous learning & system knowledge.
- Working knowledge of cloud, container, & network security
- Excellent oral & written communication skills in both a technical & non-technical environment
- Highly analytical & effectively able to troubleshoot & prioritize needs, requirements & other issues
- Strong problem-solving skills, detail orientation, follow-through capabilities & escalation of key issues
- Ability to work with diverse personalities within various levels of the organization
- Ability to manage multiple issues at one time
- Strong ability to analyze, consolidate & communicate complex technical topics to all levels of staff including but not limited to IT executives, business/technical managers, developers & system administrators in verbal & written form
- Ability to independently organize, prioritize & follow-up on tasks in a high-pressure environment
- Can work effectively in a dynamic environment where shifting priorities frequently alter work plans
- Established security certifications such as CISSP, CRISC, etc. preferred