Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Privacy & Data Compliance Specialist - USDS

AT TikTok
TikTok

Privacy & Data Compliance Specialist - USDS

Washington, DC

Responsibilities

Team Intro
The USDS Privacy and Integrated Security team is responsible for overseeing and governing all activities of privacy impacts to TikTok USDS' operations.

- We address complex and cutting-edge challenges, aiming to build the world's most trusted social media platform.
- We partner with TikTok global legal, R&D, Privacy and Data Protection Office, and security organizations in advancing our privacy practices.
- We oversee, govern and support the integration and optimization of operational privacy capabilities including data inventory, data classification, data retention/deletion, and incident response, etc., to ensure scalable and compliant privacy and data protection practices.

Want more jobs like this?

Get Computer and IT jobs in Washington, DC delivered to your inbox every week.

By signing up, you agree to our Terms of Service & Privacy Policy.


We seek a highly motivated, experienced, and dynamic professional to join our team. This is an opportunity to work on the most innovative platform in the industry, strengthening security and privacy, in our mission to Inspire Creativity and Enrich Lives. The Privacy and Data Compliance Specialist plays an important role in advancing our privacy practices at USDS, through aligning USDS privacy practice with the global privacy compliance framework (PCF), working closely with global legal, R&D, Privacy and Data Protection Offices (PDPO) as well as USDS privacy operation teams. The ideal candidate will have a strong background in privacy compliance assessment, a deep understanding of privacy control mechanisms at the technical layers, and a passion for privacy considerations from an end-user perspective. Initially reporting to the Head of Privacy and Integrated Security, the reporting structure may evolve as the capability grows.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities
- Collaborate with global PDPO to ensure alignment with the global privacy compliance framework (PCF). Promote the global framework within USDS operating arms.
- Actively support privacy compliance assessments, identifying gaps in the alignment of operations with the global Privacy Compliance Framework (PCF), including privacy controls and safeguards across a broad spectrum of products.
- Based on identified gaps, draft and implement necessary policies, processes, and Standard Operating Procedures (SOPs) to formalize privacy practice and improve privacy operations at USDS, continuously improving USDS privacy posture while contributing to the broader global privacy framework.
- Build strong relationships with global and US stakeholders. Build rapport with R&D/PDPO and US privacy operations. Champion privacy best practices of global impacts and integrate them into USDS operations.
- Support privacy risk assessments with a focus on control implementation. Provide actionable recommendations to mitigate identified risks and enhance privacy compliance.
- Demonstrate empathy towards business and engineering cost considerations while advocating for robust privacy practices.
- Engage in special projects and additional responsibilities may be needed as the team expands and capabilities are enhanced.

Qualifications

Minimum Qualifications
- Major in information security, computer science, law or a related field. Candidates with significant relevant experience in security, privacy and data protection fields will also be considered in lieu of a formal degree.
- 3-5+ years of compliance experience. Excellent fundamental knowledge of industry standards frameworks (NIST Privacy Framework, ISO 27001, ISO/IEC 27701, NIST RMF, ISO 31000, IAPP guidelines, etc.)
- Must be able to adapt to the people, process and technology complexities in a large enterprise.
- Understand the laws and regulations of important countries, such as GDPR, CCPA, COPPA, etc..
- Familiar with PIA/DPIA methods, and able to propose practical and feasible privacy controls based on the results of privacy risk assessment, with considerations on business processes, technical solutions and capabilities.

Preferred Qualifications
- Experience presiding over GDPR/CCPA external compliance reviews, SOC2, ISO27001, ISO27701 system construction, data governance system construction, etc.
- Familiar with common technical features of mobile/web/server/data platforms of Internet platforms.
- Candidates who are familiar with data governance and data security technology solutions
- Certifications such as CIPT, CIPM, CIPP, CISSP, CRISC, etc.

Client-provided location(s): Washington, DC, USA
Job ID: TikTok-7473594406558959890
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • HSA
    • Life Insurance
    • Fitness Subsidies
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Snacks
    • Pet-friendly Office
    • Happy Hours
    • Some Meals Provided
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Mentor Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)

Company Videos

Hear directly from employees about what it is like to work at TikTok.