The Global Security Organization provides industry-leading cybersecurity and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.

Governance, Risk, & Compliance team is responsible for working closely with cross-functional partners to manage security risks. We support our cross-functional partners in meeting all industry cybersecurity compliance standards and government regulations by developing governing policies, implementing our security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.

The Governance, Risk, & Compliance (GRC) Compliance Assurance Senior Analyst will be responsible for control testing and monitoring, identifying control gaps and issues, providing recommendations on remediation, and facilitating internal and external audits. Additionally, this individual will provide support for various security compliance projects to improve the maturity of the compliance program. You would be a great for this role if you:
- Have a strong security controls and compliance mindset with experience in identifying, evaluating, and testing controls against leading security frameworks such as ISO 27001, SOC 2, PCI DSS, and others
- Enjoy fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of cybersecurity controls to mitigate challenging and unique risks with product, engineering, and other business teams
- Thrive in fast-paced environments and can adapt quickly in the face of constantly evolving cybersecurity challenges
- Possess a strong appetite for acquiring new knowledge and skills in cybersecurity and staying up-to-date on emerging trends
- Excel at analyzing complex systems and ideas and breaking these down into easy to understand terms
- Can provide candid and clear feedback on critical cybersecurity initiatives from policies to application designs and much more!

Responsibilities
As a Compliance Assurance Senior Analyst, you will be responsible for:
- Performing control design walkthroughs and operating effectiveness testing for products and business lines against security frameworks such as ISO 27001, SOC 2, PCI-DSS, and others
- Working with control and process owners to understand key processes, controls, supporting evidence, conclusion on controls and potential gaps, and supporting these personnel in preparation for and execution of internal and external audits
- Conducting thorough examinations of people, processes, technologies and key system configurations aligned to controls
- Supporting the scoping and maturity of the cybersecurity compliance program to ensure alignment with industry best practices and regulatory requirements including but not limited to ISO 27001, SOC 2, PCI-DSS, etc.
- Collaborating with and influencing key stakeholders to support, track, and report on remediation efforts
- Communicating with technical and non-technical stakeholders on cybersecurity risk and control topics and program-specific reporting

Qualifications

Minimum Qualifications:
- Experience supporting cybersecurity controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements
- Experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls
- Excellent verbal and written communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation, effectiveness, and remediation of cybersecurity controls with product and business leaders
- Strong project management skills with the ability to lead and execute security assessment projects and initiatives on time with multiple stakeholders
- Ability to work in San Jose, NYC or D.C. office for 3 days per week and be willing to travel to other offices with the flexibility to conduct virtual meetings, including international locations, as required to support business needs

Preferred Qualifications
- Minimum of 5 years in Information Technology (IT) or Information Security (IS) compliance and controls programs in a global organization with in-depth knowledge and experience of cybersecurity frameworks such as ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements
- Experience in performing controls monitoring testing and supporting complex audit projects in a cloud-centric environment with a strong aptitude to understand emerging technologies to assure regulatory and compliance requirements are met
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, QSA, or other relevant certifications

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/cdpT2

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $118800 - $196000 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

For Los Angeles County (unincorporated) Candidates:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and

3. Exercising sound judgment.