Team Lead, Cyber Risk Management

Founded in 2010, CLEAR’s mission is to create frictionless experiences. With more than 12+ million members and hundreds of partners across the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - making everyday experiences easier, more secure, and more seamless. Since day one, CLEAR has been committed to privacy done right. 

CLEAR is seeking a Team Lead for Cyber Risk Management. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. This individual will work in Cyber Risk Management, alongside the Security Engineering and Security Operations teams, partnering heavily with infrastructure and devops teams in a cloud native environment. This individual will have solid experience in cyber & IT risk assessment, vendor risk management, information assurance and controls assessments, and IT regulatory compliance.

What You Will Do:

• Perform risk assessment and risk mitigation analyses and ensure cyber risks are appropriately managed within risk appetite tolerance and limits
• Perform technical risk assessments on CLEAR information systems using established processes
• Perform compliance assessments and security controls testing in alignment with governing frameworks (FISMA, HIPAA, PCI, SOC 2, etc.)
• Perform vendor risk assessments on CLEAR service providers, suppliers, business partners and other third parties using established processes
• Ensure communication and awareness of the CLEAR security risk management framework
• Document and assess exceptions to information security policies
• Support procedures to manage findings including evaluating the impact on CLEAR’s partners and members  
• Support business partner security audits and inquiries, and ensure that any findings are remediated in a timely fashion
• Respond to inquiries from staff, administrators, service providers, site personnel and outside vendors, to provide technical assistance and support
• Contribute to the aggregation and reporting of cyber risk metrics and information

Who You Are:

• 5+ years of information systems security or related auditing experience
• Demonstrated team leadership and ability to manage cyber risk program initiatives
• Familiar with risk management processes (e.g., methods for assessing and mitigating risk)
• Expertise with cybersecurity and privacy principles and security controls used to manage risks related to the use, processing, storage, and transmission of information or data
• Conversant with system and application security risks, threats and vulnerabilities
• Familiar with network security architecture concepts: including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Working knowledge of cloud, container, and network security
• Excellent oral and written communication skills in both a technical & non-technical environment
• Strong detail orientation, follow-through capabilities and escalation of key issues
• Ability to follow documented operational procedures and independently organize, prioritize and follow-up on tasks in a high-pressure environment
• CISSP, CRISC, or related certifications preferred

#LI-Hybrid