Privacy & Data Compliance Specialist - USDS

Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day. To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve. Join us.

Team Intro
The USDS Privacy and Integrated Security team is responsible for overseeing and governing all activities of privacy impacts to TikTok USDS' operations.
- We address complex and cutting-edge challenges, aiming to build the world's most trusted social media platform.
- We partner with TikTok global legal, R&D, Privacy and Data Protection Office, and security organizations in advancing our privacy practices.
- We oversee, govern and support the integration and optimization of operational privacy capabilities including data inventory, data classification, data retention/deletion, and incident response, etc., to ensure scalable and compliant privacy and data protection practices.

We seek a highly motivated, experienced, and dynamic professional to join our team. This is an opportunity to work on the most innovative platform in the industry, strengthening security and privacy, in our mission to Inspire Creativity and Enrich Lives. The Privacy and Data Compliance Specialist plays an important role in advancing our privacy practices at USDS, through aligning USDS privacy practice with the global privacy compliance framework (PCF), working closely with global legal, R&D, Privacy and Data Protection Offices (PDPO) as well as USDS privacy operation teams. The ideal candidate will have a strong background in privacy compliance assessment, a deep understanding of privacy control mechanisms at the technical layers, and a passion for privacy considerations from an end-user perspective. Initially reporting to the Head of Privacy and Integrated Security, the reporting structure may evolve as the capability grows.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities
- Collaborate with global PDPO to ensure alignment with the global privacy compliance framework (PCF). Promote the global framework within USDS operating arms.
- Actively support privacy compliance assessments, identifying gaps in the alignment of operations with the global Privacy Compliance Framework (PCF), including privacy controls and safeguards across a broad spectrum of products.
- Based on identified gaps, draft and implement necessary policies, processes, and Standard Operating Procedures (SOPs) to formalize privacy practice and improve privacy operations at USDS, continuously improving USDS privacy posture while contributing to the broader global privacy framework.
- Build strong relationships with global and US stakeholders. Build rapport with R&D/PDPO and US privacy operations. Champion privacy best practices of global impacts and integrate them into USDS operations.
- Support privacy risk assessments with a focus on control implementation. Provide actionable recommendations to mitigate identified risks and enhance privacy compliance.
- Demonstrate empathy towards business and engineering cost considerations while advocating for robust privacy practices.
- Engage in special projects and additional responsibilities may be needed as the team expands and capabilities are enhanced.

Qualifications

Minimum Qualifications
- Major in information security, computer science, law or a related field. Candidates with significant relevant experience in security, privacy and data protection fields will also be considered in lieu of a formal degree.
- 3-5+ years of compliance experience. Excellent fundamental knowledge of industry standards frameworks (NIST Privacy Framework, ISO 27001, ISO/IEC 27701, NIST RMF, ISO 31000, IAPP guidelines, etc.)
- Must be able to adapt to the people, process and technology complexities in a large enterprise.
- Understand the laws and regulations of important countries, such as GDPR, CCPA, COPPA, etc..
- Familiar with PIA/DPIA methods, and able to propose practical and feasible privacy controls based on the results of privacy risk assessment, with considerations on business processes, technical solutions and capabilities.

Preferred Qualifications
- Experience presiding over GDPR/CCPA external compliance reviews, SOC2, ISO27001, ISO27701 system construction, data governance system construction, etc.
- Familiar with common technical features of mobile/web/server/data platforms of Internet platforms.
- Candidates who are familiar with data governance and data security technology solutions
- Certifications such as CIPT, CIPM, CIPP, CISSP, CRISC, etc.

D&I Statement
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Accommodation Statement
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/ktJP6

Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.