CLEAR transforms what is uniquely you (your fingerprints, your face, your eyes) into a secure, biometric key to frictionless experiences. We are creating a world where travel is effortless, where accessing your office building is as simple as walking in, & where shopping is as easy as walking in & out of a store, without ever once showing an ID or credit card. CLEAR currently powers secure, frictionless customer experiences in nearly 40 U.S. airports & venues. With over 2 million members so far, CLEAR is the identity platform of the future, today.
We are seeking a Director, Cyber Risk Management. This person will be a driven self-starter with experience in managing & mitigating IT & Cyber Risk who will join CLEAR's GRC team & develop 2nd line-of-defense processes, policies & tools for CLEAR's Cyber Security Risk environment. Cyber Security Risk coverage areas include evaluating overall cyber & IT security risk, providing assurance over cyber & IT risk, monitoring & reporting on risks & ensuring that remediation efforts are adequate.
What You Will Do:
- Develop, enhance & maintain a robust & sustainable Cyber & IT Security Risk program
- Partner with the VP of Cyber Security Strategy, Risk & Governance, Chief Security Officer (CSO), IT organization & business units to establish standards, policies, & develop KRIs & KPIs for measuring & monitoring cyber & IT risks on a continuous basis
- Manage risk assessors to provide & perform independent assurance & validation activities over common cybersecurity controls that include both administrative & technical controls
- Assess the accuracy, completeness, & sufficiency of the risk management governance framework, processes & methodologies. Identify & define emerging cyber threats & risks to CLEAR's environment
- Perform effective challenge of all critical & highly sensitive processes & controls, & business continuity
- Develop cyber security risk scenarios to identify potential attack vectors & TTPs (tactics, techniques & procedures) to guide the continuous improvement of CLEAR's cyber defense posture. Lead & support selected cyber security remediation efforts, & be involved in strategic planning with Security Operations, Security Engineering & IT
Who You Are:
- Have a solid foundation in information technology & information security principles. Familiar with common cybersecurity frameworks & standards such as NIST SP 800-53, CSC Top 20, ISO 27000 series, PCI-DSS, HIPAA & GDPR.
- Possess broad & deep understanding of technical security concepts & familiarity with related technologies & infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations
- Familiar with cloud security technologies, techniques & methodologies
- Proficient in common cybersecurity domains: data protection, access control, encryption, identity management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence, risk assessment
- Able to analyze root causes of cyber security issues & document remediation
- Have a high degree of initiative, dependability & ability to work with little supervision.
- Possess strong leadership skills with the ability to lead by influence
- Strong written & verbal communication
- Prior experience:
  - Previous working experience in cybersecurity operation & relevant security design knowledge
  - Previous work within Risk and/or Information Security/Cyber Security. Ideally, has worked in a 2 LOD Cyber Security Risk function
  - Previous working experience managing & directing teams of risk or security professionals
- Bachelor's and/or Master's Degree in Computer Science, Engineering or relevant technical field
- CISSP, CISM, or CISA certifications a strong plus
- Background in IT Risk Assessment, IT Audit, Information security management.
- Knowledge of US IT Security regulatory requirements & environment a plus (i.e. FISMA, PCI-DSS, HIPAA, NIST cybersecurity frameworks).