Security Strategy, Risk and Resilience (SRR) Security Strategy Senior Analyst - Global Security Organization

The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.

The Cybersecurity Strategy and Metrics Senior Analyst plays a critical role in supporting the development and execution of strategic initiatives and metrics programs across TikTok's Global Security Organization. You will help define what "best-in-class" looks like for a rapidly growing global cybersecurity team by driving data-informed decision-making, maturity modeling, and performance measurement. This role involves working closely with cross-functional stakeholders to align cybersecurity efforts with broader organizational goals while contributing to the department's strategic direction and operational excellence. You would be a great fit for this role if you are enthusiastic about:
1. Using data and metrics to tell compelling stories and influence decisions at the highest levels of leadership
2. Thriving in a fast-paced, ambiguous environment with a passion for building frameworks and programs from the ground up
3. Collaborating with technical and non-technical stakeholders to build visibility and alignment around cybersecurity goals and performance

Responsibilities
As a Cybersecurity Strategy and Metrics Senior Analyst, you will be responsible for:
- Supporting the development and execution of the department-wide cybersecurity strategy and multi-year maturity roadmap
- Designing and maintaining cybersecurity performance measurement frameworks, including department KPIs, KRIs, OKRs, and executive dashboards
- Developing maturity models and measurement tools to assess and monitor cybersecurity capabilities across teams and functions
- Providing regular reporting and briefings to leadership, summarizing progress against strategic goals, identifying areas for improvement, and recommending adjustments
- Conducting benchmarking and trend analysis to assess the organization's performance relative to industry standards and peers
- Partnering with leadership to identify strategic gaps and support initiative development, prioritization, and tracking
- Supporting strategic planning cycles, initiative management, and documentation efforts that align with both security and business priorities

Qualifications

Minimum Qualifications:
- Strong understanding of cybersecurity domains and frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and how to translate them into measurable objectives
- Experience designing and operationalizing metrics or performance programs in a cross-functional environment
- Strong analytical and project management skills with the ability to lead initiatives and drive results with multiple stakeholders
- Excellent verbal and written communication skills, with the ability to translate complex data and strategy into business-relevant narratives
- Ability to work at the San Jose office for 3 days per week and willingness to travel to other offices, including international locations, as required to support business needs

Preferred Qualifications:
- Minimum of 5 years of experience in cybersecurity, GRC, metrics development, strategic operations, or a related field
- Minimum of 5 years of experience in security strategy, cybersecurity operations, metrics programs, consulting, or related areas
- Experience working with data visualization tools such as Tableau, Power BI, or internal dashboards
- Relevant certifications (e.g., CISSP, CRISC, CISM, PMP, or other strategy or security-related certifications)

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $118800 - $196000 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

For Los Angeles County (unincorporated) Candidates:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and

3. Exercising sound judgment.