Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
Want more jobs like this?
Get Management jobs in New York, NY delivered to your inbox every week.
The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.
The Security Strategy, Risk and Resilience(SRR) Security Risk Management Senior Analyst involves performing comprehensive cybersecurity risk assessments to identify, assess, treat, and monitor cybersecurity risks throughout our products and enterprise. You will be responsible for working closely with cross-functional partners to evaluate risks and develop innovative mitigation strategies, provide ongoing compliance risk mitigation support, and lead various risk management projects. You would be a great fit for this role if you are enthusiastic about:
1. Maturing an industry-leading security risk management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge in the realm of cybersecurity and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate risks faced by our organization
Responsibilities
As a Governance, Risk, & Compliance (GRC) Risk Management Senior Analyst, you will be responsible for:
- Planning, developing, implementing, maintaining, and managing Cybersecurity Risk Management framework based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39)
- Implementing and supporting scalable processes and procedures for the security risk management lifecycle including risk assessments, treatment, and monitoring
- Collaborating with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis
- Continuously monitoring the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status
- Maintaining exception and acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria per business line
- Mentor, coach, and train security staff and security risk analysts
Qualifications
Minimum Qualifications:
- Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience drafting and driving risk mitigation strategies with risk owners to ensure effective implementation and management of risk treatment plans.
- Team player and motivated self-starter who is resourceful and has the ability to work collaboratively with multiple stakeholders across different products, business lines, and regions
- Excellent verbal communication skills with the ability to translate complex technical concepts into business language
- Strong project management skills with the ability to lead and execute security risk and control projects and initiatives on time with multiple stakeholders
- Ability to work at the New York or DC office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs
Preferred Qualifications
- Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
Minimum of 5 years of experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39.
- Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications
Job Information
[For Pay Transparency] Compensation Description (annually)
The base salary range for this position in the selected city is $118800 - $196000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
For Los Angeles County (unincorporated) Candidates:
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:
1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;
2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and
3. Exercising sound judgment.