Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
Want more jobs like this?
Get jobs in Washington, DC delivered to your inbox every week.
The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.
The Cybersecurity Strategy Senior Analyst plays a critical role in supporting the development and execution of strategic initiatives and metrics programs across TikTok's Global Security Organization. You will help define what "best-in-class" looks like for a rapidly growing global cybersecurity team by driving data-informed decision-making, maturity modeling, and performance measurement. This role involves working closely with cross-functional stakeholders to align cybersecurity efforts with broader organizational goals while contributing to the department's strategic direction and operational excellence. You would be a great fit for this role if you are enthusiastic about:
1. Using data and metrics to tell compelling stories and influence decisions at the highest levels of leadership
2. Thriving in a fast-paced, ambiguous environment with a passion for building frameworks and programs from the ground up
3. Collaborating with technical and non-technical stakeholders to build visibility and alignment around cybersecurity goals and performance
Responsibilities
As a Cybersecurity Strategy and Metrics Senior Analyst, you will be responsible for:
- Supporting the development and execution of the department-wide cybersecurity strategy and multi-year maturity roadmap
- Designing and maintaining cybersecurity performance measurement frameworks, including department KPIs, KRIs, OKRs, and executive dashboards
- Developing maturity models and measurement tools to assess and monitor cybersecurity capabilities across teams and functions
- Providing regular reporting and briefings to leadership, summarizing progress against strategic goals, identifying areas for improvement, and recommending adjustments
- Conducting benchmarking and trend analysis to assess the organization's performance relative to industry standards and peers
- Partnering with leadership to identify strategic gaps and support initiative development, prioritization, and tracking
- Supporting strategic planning cycles, initiative management, and documentation efforts that align with both security and business priorities
Qualifications
Minimum Qualifications:
- Strong understanding of cybersecurity domains and frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and how to translate them into measurable objectives
- Experience designing and operationalizing metrics or performance programs in a cross-functional environment
- Strong analytical and project management skills with the ability to lead initiatives and drive results with multiple stakeholders
- Excellent verbal and written communication skills, with the ability to translate complex data and strategy into business-relevant narratives
- Ability to work at the Washington DC or New York office for 3 days per week and willingness to travel to other offices, including international locations, as required to support business needs
Preferred Qualifications:
- Minimum of 5 years of experience in cybersecurity, GRC, metrics development, strategic operations, or a related field
- Minimum of 5 years of experience in security strategy, cybersecurity operations, metrics programs, consulting, or related areas
- Experience working with data visualization tools such as Tableau, Power BI, or internal dashboards
- Relevant certifications (e.g., CISSP, CRISC, CISM, PMP, or other strategy or security-related certifications)