Technology Assurance + Compliance Analyst @ Clear

New York, New York, US | Posted 1 week, 3 days ago

Description

CLEAR helps create safer, easier experiences everywhere you go. We believe you are you and by using your biometrics – your eyes, face, and fingerprints – we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check in at the doctor’s office, access your office building, and more – without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues and more. Now with Health Pass, CLEAR securely connects a person’s digital identity to multiple layers of COVID-related insights to help reduce public health risk and restore peace of mind.

We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the second year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 5+ million members to help create a safer environment no matter where you go.

CLEAR is seeking a Technology Assurance & Compliance Analyst. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. This individual will work in CLEAR’s GRC team, partnering heavily with Infrastructure, DevOps, and Security Engineering teams in a cloud-native environment. Technology Assurance & Compliance will focus on analyzing and assessing compliance with regulatory standards, addressing business partner requests (audit response, contract review, etc.) and working with teams to brainstorm compliant solutions and remediate any outstanding compliance issues. This individual will have solid experience in cyber & IT regulatory compliance (FISMA, NIST 800-53, PCI-DSS, HIPAA, etc.), demonstrated success in working with Federal agencies and governing bodies, responding to IT or security audits and compliance attestations, and performing information assurance and compliance assessments.


 

What You Will Do:

  • Maintain security and establish functional requirements for security measures.
  • Coordinate with business area managers and professional staff to ensure information system security compliance. 
  • Be the focal point for interactions with Federal agency regulators and auditors
  • Work with CLEAR’s various Government programs and security staff to complete required Systems Security Plans (SSPs).
  • Update and maintain the documentation for certification and accreditation of each information system in accordance with government and regulatory requirements. 
  • Assess the compliance impacts of system modifications and technological advances. 
  • Keep aware of changes to regulatory requirements and industry best practices to recommend updates to information security policies.
  • Review systems to identify potential security weaknesses and recommend improvements to remediate vulnerabilities
  • Assess remediations, changes, upgrades and documentation revisions for alignment with CLEAR’s business critical security frameworks
  • Participate in security control assessments and audits
  • Monitor and review updates to regulations, frameworks and contracts (NIST 800-53, PCI-DSS, HIPAA)
  • Communicate updates to technology and business owners
  • Document changes to policy, such as new and enhanced controls
  • Respond to business partner security inquiries & audits and ensure that any findings are remediated in a timely fashion
  • Participate in the selection of information security solutions
  • Respond to inquiries from staff, administrators, service providers, site personnel and outside vendors, to provide technical assistance and support

 

Who You Are:

  • 3+ years of information systems security or related auditing experience
  • Experience with information systems security standards and practices (NIST 800-53, PCI-DSS, HIPAA, etc.)
  • Familiar with Federal ATO process and able to produce appropriate documentation and evidence (CDRs, SSPs, etc.)
  • Able to balance business priorities/initiatives with sound risk management
  • Familiar with risk management processes (e.g., methods for assessing and mitigating risk)
  • Expertise with cybersecurity and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data
  • Conversant with system and application security risks, threats and vulnerabilities
  • Familiar with network security architecture concepts: including topology, protocols, components, and principles (e.g., application of defense-in-depth)
  • Because of the constantly developing nature of information systems and cyber attacks, you must be committed to continuous learning and system knowledge
  • Working knowledge of cloud, container, and network security
  • Excellent oral and written communication skills in both a technical & non-technical environment
  • Strong problem-solving skills, detail orientation, follow-through capabilities and escalation of key issues
  • Ability to work with diverse personalities within various levels of the organization
  • Ability to manage multiple issues at one time
  • Ability to independently organize, prioritize and follow-up on tasks in a high-pressure environment
  • Can work effectively in a dynamic environment where shifting priorities frequently alter work plans
  • Established security certifications such as CISSP, CRISC, etc. preferred