Founded in 2010, CLEAR’s mission is to create frictionless experiences. With more than 12 million members and hundreds of partners across the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - making everyday experiences easier, more secure, and more seamless. Since day one, CLEAR has been committed to privacy done right.
The Security Manager will be responsible for ensuring the implementation and maintenance of security controls in accordance with federal policies. This person will create, document and implement various security plans and compliance documents to enforce Information Assurance principles.
The Security Manager will be solving security challenges within a rapidly expanding environment, and implementing best-in-class security measures using cutting edge technology. This individual will build relationships with key stakeholders to ensure compliance with security laws, regulations, guidance and requirements. They will focus on interfacing with key external regulators and business partners (audit response, contract review, etc.), managing internal regulatory standard compliance efforts, and working with teams to brainstorm compliant solutions and remediate any outstanding compliance issues.
This individual will work in CLEAR’s Assurance, Risk and Compliance team, partnering heavily with infrastructure, DevOps, and Security Engineering teams in a cloud-native environment. This individual will have solid experience in cyber & IT regulatory compliance (FISMA, NIST 800-53, PCI-DSS, HIPAA, etc.), demonstrated success in working with Federal agencies and governing bodies, responding to IT or security audits and compliance attestations, and performing information assurance and compliance assessments.
What You Will Do:
- Coordinate with internal and external stakeholders to ensure system security compliance with federal policies and guidelines.
- Identify, initialize and maintain certification and accreditation initiatives for information systems.
- Monitor and assess changes to regulations, frameworks and customer contracts.
- Lead staff to maintain required Systems Security Plans (SSPs) for CLEAR’s government programs.
- Represent CLEAR’s security program during audits with various federal organizations to ensure auditors get accurate and thorough information.
- Develop and maintain the lifecycle of security controls and continuous monitoring
- Manage the findings management process to ensure efficient and effective remediation
- Perform analysis of proposed changes, performing security impact and risk assessments.
- Enable and support customer inquiries relating to the effectiveness of CLEAR’s security program
Who You Are:
- 7+ years of information systems security or related auditing experience
- Experienced with government information security standards, NIST 800-53 and 800-171
- Experienced in leading activities relating to the NIST Risk Management Framework
- Experienced with public cloud technologies, Software as a Service, and Platform as a Service
- Familiar with FedRAMP and Federal ATO
- Familiar with DISA STIG and tools required for Continuous Diagnostics Management
- Familiar with risk management processes (e.g., methods for assessing and mitigating risk)
- Able to balance business priorities/initiatives with sound risk management
- Expertise with data protection principles for managing risks related to data sharing
- Conversant with system and application security risks, threats and vulnerabilities
- Understand and structure problem solving of issues related to systems and organization
- Understand advanced concepts and issues related to cyber security and its organizational impact
- Committed to continuous learning and system knowledge.
- Excellent oral and written communication skills in both a technical & non-technical environment
- Highly analytical and effectively able to diagnose and prioritize needs and requirements
- Strong problem-solving skills, detail orientation, and capability to escalate and resolve issues
- Ability to work with diverse personalities within various levels of the organization
- Ability to manage multiple issues at one time
- Strong ability to analyze and communicate complex technical topics to all levels of CLEAR
- Ability to communicate effectively in verbal and written form
- Ability to independently organize, prioritize and follow-up on tasks in a high-pressure environment
- Can work effectively in a dynamic environment where shifting priorities frequently alter work plans
- Established security certifications such as CISSP or CISA