Cyber Risk Analyst at CLEAR in New York, NY

We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the second year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 5+ million members to help create a safer environment no matter where you go.

CLEAR is seeking an Information Security Cyber Risk Analyst. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. This individual will work in Cyber Risk Management, alongside the Security Engineering and Security Operations teams, partnering heavily with infrastructure and devops teams in a cloud native environment. This individual will have solid experience in cyber & IT risk assessment, vendor risk management, information assurance and controls assessments, and IT regulatory compliance.

What You Will Do:

• Perform risk assessment and risk mitigation analyses and ensure cyber risks are appropriately managed within risk appetite tolerance and limits
• Perform technical risk assessments on CLEAR information systems using established processes
• Perform compliance assessments and security controls testing in alignment with governing frameworks (FISMA, HIPAA, PCI, etc.)
• Perform vendor risk assessments on CLEAR service providers, suppliers, business partners and other third parties using established processes
• Ensure communication and awareness of the CLEAR security risk management framework
• Document changes to policy; such as new and enhanced controls
• Support tracking procedures to support policy documentation as they are developed and maintained by technical and business owners
• Support business partner security audits and inquiries, and ensure that any findings are remediated in a timely fashion
• Respond to inquiries from staff, administrators, service providers, site personnel and outside vendors, to provide technical assistance and support
• Contribute to the aggregation and reporting of cyber risk metrics and information

Who You Are:

• 3+ years of information systems security or related auditing experience
• Familiar with risk management processes (e.g., methods for assessing and mitigating risk)
• Expertise with cybersecurity and privacy principles and security controls used to manage risks related to the use, processing, storage, and transmission of information or data
• Conversant with system and application security risks, threats and vulnerabilities
• Familiar with network security architecture concepts: including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Working knowledge of cloud, container, and network security
• Excellent oral and written communication skills in both a technical & non-technical environment
• Strong detail orientation, follow-through capabilities and escalation of key issues
• Ability to follow documented operational procedures and independently organize, prioritize and follow-up on tasks in a high-pressure environment
• CISSP, CRISC, or related certifications preferred