Director, Cyber Risk Management
CLEAR transforms what is uniquely you – your fingerprints, your face, your eyes – into a secure, biometric key to frictionless experiences. We are creating a world where travel is effortless, where accessing your office building is as simple as walking in, and where shopping is as easy as walking in and out of a store—without ever once showing an ID or credit card. CLEAR currently powers secure, frictionless customer experiences in nearly 40 U.S. airports and venues. With over 3 million members so far, CLEAR is the identity platform of the future, today.
We are seeking Director, Cyber Risk Management. This person will be a driven self-starter with experience in managing and mitigating IT and Cyber Risk to join CLEAR’s GRC team and develop 2nd line-of-defense processes, policies and tools for CLEAR’s Cyber Security Risk environment. Cyber Security Risk coverage areas include evaluate overall cyber & IT security risk, provide assurance over cyber & IT risk, monitor and report on risks and ensure that remediation efforts to remediate the risks are adequate.
What You Will Do:
- Develop, enhance & maintain a robust and sustainable Cyber & IT Security Risk program
- Partner with the VP of Cyber Security Strategy, Risk & Governance, Chief Security Officer (CSO), IT organization and business units to establish standards, policies, and develop KRIs and KPIs for measuring and monitoring cyber & IT risks on a continuous basis
- Manage risk assessors to provide and perform independent assurance and validation activities over common cybersecurity controls that include both administrative and technical controls
- Assess the accuracy, completeness, and sufficiency of the risk management governance framework, processes and methodologies. Identify and define emerging cyber threats and risks to CLEAR’s environment
- Perform effective challenge of all critical and highly sensitive processes & controls, and business continuity
- Develop cyber security risk scenarios to identify potential attack vectors and TTP (tactics, techniques and procedures) to guide the continuous improvement of CLEAR’s cyber defense posture. Lead and support selected cyber security remediation efforts, involved with strategic planning with Security Operations, Security Engineering & IT
Who You Are:
- Have a solid foundation in information technology and information security principles. Familiar with common cybersecurity frameworks and standards such as NIST SP 800-53, CSC Top 20, ISO 27000 series, PCI-DSS, HIPAA & GDPR.
- Possess broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations
- Familiar with cloud security technologies, techniques & methodologies
- Proficient in common cybersecurity domains: data protection, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence, risk assessment
- Able to analyze root causes of cyber security issues and documenting remediation
- Have a high degree of initiative, dependability and ability to work with little supervision.
- Possess strong leadership skills with the ability to lead by influence
- Strong written and verbal communication
- Prior experience:
- Previous working experience in cybersecurity operation and relevant security design knowledge
- Previous work within Risk and/or Information Security/Cyber Security. Ideally, has worked in a 2 LOD Cyber Security Risk function
- Previous working experience managing and directing teams of risk or security professionals
- Bachelor and/or Master’s Degree in Computer Science, Engineering or relevant technical field
- CISSP, CISM, or CISA certifications a strong plus
- Background in IT Risk Assessment, IT Audit, Information security management.
- Knowledge of US IT Security regulatory requirements and environment a plus (i.e. FISMA, PCI-DSS, HIPAA, NIST cybersecurity frameworks).