Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
Want more jobs like this?
Get Management jobs in Washington, DC delivered to your inbox every week.
The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.
The Security, Strategy, Risk and Resilience (SRR) Security Risk Management Senior Analyst involves performing comprehensive cybersecurity risk assessments to identify, assess, treat, and monitor cybersecurity risks throughout our products and enterprise. You will be responsible for working closely with cross-functional partners to evaluate risks and develop innovative mitigation strategies, provide ongoing compliance risk mitigation support, and lead various risk management projects. You would be a great fit for this role if you are enthusiastic about:
1. Maturing an industry-leading security risk management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge in the realm of cybersecurity and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate risks faced by our organization
Responsibilities
As a Governance, Risk, & Compliance (GRC) Risk Management Senior Analyst, you will be responsible for:
- Planning, developing, implementing, maintaining, and managing Cybersecurity Risk Management framework based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39)
- Implementing and supporting scalable processes and procedures for the security risk management lifecycle including risk assessments, treatment, and monitoring
- Collaborating with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis
- Continuously monitoring the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status
- Maintaining exception and acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria per business line
- Mentor, coach, and train security staff and security risk analysts
Qualifications
Minimum Qualifications:
- Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience drafting and driving risk mitigation strategies with risk owners to ensure effective implementation and management of risk treatment plans.
- Team player and motivated self-starter who is resourceful and has the ability to work collaboratively with multiple stakeholders across different products, business lines, and regions
- Excellent verbal communication skills with the ability to translate complex technical concepts into business language
- Strong project management skills with the ability to lead and execute security risk and control projects and initiatives on time with multiple stakeholders
- Ability to work at the New York or DC office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs
Preferred Qualifications
- Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
Minimum of 5 years of experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39.
- Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications