Responsibilities
Team Introduction
The IT Security team plays a pivotal role in safeguarding ByteDance's global office network and IT infrastructure. We work closely with cross-functional partners to manage security risks and ensure compliance with industry cybersecurity standards and government regulations. Our responsibilities include managing security risks, developing governing policies, implementing security control frameworks, and driving remediation efforts within the IT scope.
Responsibilities
As an IT Security Risk Manager, you will be responsible for:
- Developing, implementing and maintaining a comprehensive Cybersecurity Risk Management framework for IT, based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39).
- Establishing scalable processes and procedures for managing the security risk lifecycle, including risk identification, assessments, remediation, and continuous monitoring within the IT environment.
- Creating and maintaining a Risk Register based on business requirements, consistently tracking, re-assessing and updating risks while providing leadership with data-driven insights on security trends.
- Managing exception and acceptance processes to evaluate residual risks, balancing security gaps, compensating controls, and business risk tolerance.
- Collaborating with risk owners to ensure that risk mitigation plans are developed, tracked, and completed on time, while regularly reporting on remediation progress.
- Working closely with security engineers, IT teams and XFN stakeholders to implement technical security controls, enhance security configurations, and remediate high-risk vulnerabilities.
- Overseeing vulnerability identification, assessment, and remediation efforts, ensuring that security patches and updates are applied effectively to minimize risk exposure.
- Ensuring IT adherence to compliance standards by facilitating audits, developing governance policies, implementing security control frameworks, and conducting risk assessments.
- Preparing and presenting regular executive reports on security risks, compliance status, and remediation progress to leadership, providing strategic insights into the current landscape.
Qualifications
Minimum Qualifications
- At least 5 years of experience in Governance, Risk, and Compliance (GRC) within the cybersecurity industry.
- A minimum of 3 years of experience in cybersecurity risk management, including developing cybersecurity risk management frameworks, processes for security risk lifecycle management, and a Risk Register.
- Proven experience collaborating with security teams (incident response, red teams, architects, engineers) to incorporate cybersecurity controls and risk management into day-to-day operations.
- A team player and motivated self-starter, resourceful with the ability to collaborate effectively with multiple stakeholders across XFN teams, business lines, and regions. Comfortable engaging in cross-regional meetings.
- Exceptional verbal and written communication skills, with the ability to translate complex technical concepts into business language.
- Strong project management skills, with the ability to lead and execute security risk remediation and compliance projects and initiatives on time with multiple stakeholders.
- Ability to work on-site at ByteDance offices 5 days a week and willingness to travel to international locations as needed to support business needs.
Preferred Qualifications
- Minimum of 5 years of experience working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
- Familiarity with Governance, Risk, and Compliance (GRC) technologies
- Experienced in implementing technical security controls with XFN teams
- CISM, CISA, CISSP, CCSP, CASP, ISO27001 Lead Implementer/Audit, Security+, CRISC, CGEIT, GSEC, or other relevant certifications