Listing Description

Founded in 2010, CLEAR’s mission is to create frictionless experiences. With more than 12+ million members and hundreds of partners across the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - making everyday experiences easier, more secure, and more seamless. Since day one, CLEAR has been committed to privacy done right. Members are always in control of their own information, and we never sell member data.

CLEAR is seeking an Security Risk Analyst. The right person for this role has a strong drive to identify, assess, and mitigate information security risks, solve security challenges within a rapidly evolving landscape, and implement best-in-class security measures while also achieving business objectives. This individual will work in the Cyber Risk Management team and partner heavily with all business and technology teams, as well as collaborate closely with other CLEAR Security teams (e.g., Architecture, Engineering, Operations, Brand Protection, Business Continuity, Compliance, etc.). This individual will have demonstrated experience in third-party and supply chain risk management, cybersecurity & technology risk management, and secondary experience in information assurance and regulatory compliance.

What You Will Do:

• Perform risk assessments and due diligence on existing and prospective CLEAR service providers, suppliers, business partners, and other third parties using established tools and processes


• Coordinate risk treatment plans with prospective third-parties and internal stakeholders


• Contribute to internal-facing security risk assessment and mitigation analyses, and ensure security risks are appropriately managed within risk tolerance


• Develop, maintain, and communicate effective management and executive-level risk metrics and insights


• Implement Supply Chain Risk Management (SCRM) controls


• Ensure continued awareness of and compliance with security risk management processes across CLEAR


• Collaborate with Security Architecture, Product Security, Compliance, Finance, Legal, and other stakeholders to ensure the timely identification and implementation of adequate security controls and other risk mitigations


• Consult with business and technology stakeholders on vendor evaluation and selection projects (e.g., RFIs/RFPs)


• Partner with CLEAR Threat Intelligence, Insider Threat, and other teams on various cross-functional Security initiatives


• Maintain third-party risk policies and procedures


• Contribute to the continuous evolution and improvement of the Security Risk and Assurance team and adjacent functions (e.g., tooling, continuous monitoring, automation, etc.)

Who You Are:

• 1+ years of information security or technical IT auditing experience


• Experience with risk management processes (e.g., methods for identifying, assessing, and mitigating security risks), cybersecurity and privacy principles, and supporting controls used to manage risks


• Familiar with application, infrastructure, and data security risks, threats, and vulnerabilities


• Familiar with network security architecture concepts: including topology, protocols, components, and principles (e.g., defense-in-depth strategies)


• Conversant in cloud computing (XaaS) technologies and agile development concepts, tools, and vendors


• Ability to effectively communicate with both technical & non-technical audiences


• Ability to follow documented operational procedures and independently organize, prioritize, and follow-up on tasks in a high-pressure environment


• Experience working within regulated environments is a plus (e.g., SOX, FISMA, HIPAA, PCI DSS, etc.)

#LI-Hybrid