CLEAR helps create safer, easier experiences everywhere you go. We believe you are you, & by using your biometrics (your eyes, face, & fingerprints) we keep you moving. Imagine a world where you can do virtually everything you need to (breeze through the airport, buy a beer at the game, check in at the doctor's office, access your office building, & more) without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues & more. Now with Health Pass, CLEAR securely connects a person's digital identity to multiple layers of COVID-related insights to help reduce public health risk & restore peace of mind.
We're defining & leading an entirely new industry, obsessing over our customers, & investing in great people to lead the way. Recently named on CNBC's Disruptor 50 List for the second year in a row & winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses & our 5+ million members to help create a safer environment no matter where you go.
CLEAR is seeking a Senior Compliance Analyst, FISMA. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, & the desire to implement best-in-class security measures using cutting-edge technology. This individual will work in CLEAR's GRC team, partnering heavily with Infrastructure, DevOps, & Security Engineering teams in a cloud-native environment. Technology Assurance & Compliance will focus on analyzing & assessing compliance with regulatory standards, addressing business partner requests (audit response, contract review, etc.) & working with teams to brainstorm compliant solutions & remediate any outstanding compliance issues. This individual will have solid experience in cyber & IT regulatory compliance (FISMA, NIST 800-53, PCI-DSS, HIPAA, etc.), demonstrated success in working with Federal agencies & governing bodies, responding to IT or security audits & compliance attestations, & performing information assurance & compliance assessments.
What You Will Do:
- Maintain security & establish functional requirements for security measures.
- Coordinate with business area managers & professional staff to ensure information system security compliance.
- Be the focal point for interactions with Federal agency regulators & auditors
- Work with CLEAR's various Government programs & security staff to complete required Systems Security Plans (SSPs).
- Update & maintain the documentation for certification & accreditation of each information system in accordance with government & regulatory requirements.
- Assess the compliance impacts of system modifications & technological advances.
- Keep aware of changes to regulatory requirements & industry best practices to recommend updates to information security policies.
- Review systems to identify potential security weaknesses & recommend improvements to remediate vulnerabilities
- Assess remediations, changes, upgrades & documentation revisions for alignment with CLEAR's business-critical security frameworks
- Participate in security control assessments & audits
- Monitor & review updates to regulations, frameworks & contracts (NIST 800-53, PCI-DSS, HIPAA)
- Communicate updates to technology & business owners
- Document changes to policy, such as new & enhanced controls
- Respond to business partner security inquiries & audits & ensure that any findings are remediated in a timely fashion
- Participate in the selection of information security solutions
- Respond to inquiries from staff, administrators, service providers, site personnel & outside vendors, to provide technical assistance & support
Who You Are:
- 3+ years of information systems security or related auditing experience
- Experience with information systems security standards & practices (NIST 800-53, PCI-DSS, HIPAA, etc.)
- Familiar with Federal ATO process & able to produce appropriate documentation & evidence (CDRs, SSPs, etc.)
- Able to balance business priorities/initiatives with sound risk management
- Familiar with risk management processes (e.g., methods for assessing & mitigating risk)
- Expertise with cybersecurity & privacy principles & controls used to manage risks related to the use, processing, storage, & transmission of information or data
- Conversant with system & application security risks, threats & vulnerabilities
- Familiar with network security architecture concepts: including topology, protocols, components, & principles (e.g., application of defense-in-depth)
- Because of the constantly developing nature of information systems & cyber attacks, you must be committed to continuous learning & system knowledge.
- Working knowledge of cloud, container, & network security
- Excellent oral & written communication skills in both a technical & non-technical environment
- Strong problem-solving skills, detail orientation, follow-through capabilities & escalation of key issues
- Ability to work with diverse personalities within various levels of the organization
- Ability to manage multiple issues at one time
- Ability to independently organize, prioritize & follow-up on tasks in a high-pressure environment
- Can work effectively in a dynamic environment where shifting priorities frequently alter work plans
- Established security certifications such as CISSP, CRISC, etc. preferred