What are the responsibilities and job description for the Governance, Risk, & Compliance (GRC) Security Risk Management Senior Analyst - Global Security Organization position at TikTok?
Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.
The Governance, Risk, & Compliance (GRC) Security Risk Management Senior Analyst involves performing comprehensive cybersecurity risk assessments to identify, assess, treat, and monitor cybersecurity risks throughout our products and enterprise. You will be responsible for working closely with cross-functional partners to evaluate risks and develop innovative mitigation strategies, provide ongoing compliance risk mitigation support, and lead various risk management projects. You would be a great fit for this role if you are enthusiastic about:
1. Maturing an industry-leading security risk management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge in the realm of cybersecurity and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate risks faced by our organization
Responsibilities
As a Governance, Risk, & Compliance (GRC) Risk Management Senior Analyst, you will be responsible for:
- Planning, developing, implementing, maintaining, and managing Cybersecurity Risk Management framework based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39)
- Implementing and supporting scalable processes and procedures for the security risk management lifecycle including risk assessments, treatment, and monitoring
- Collaborating with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis
- Continuously monitoring the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status
- Maintaining exception and acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria per business line
- Mentor, coach, and train security staff and security risk analysts
Qualifications
Minimum Qualifications:
- Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience drafting and driving risk mitigation strategies with risk owners to ensure effective implementation and management of risk treatment plans.
- Team player and motivated self-starter who is resourceful and has the ability to work collaboratively with multiple stakeholders across different products, business lines, and regions
- Excellent verbal communication skills with the ability to translate complex technical concepts into business language
- Strong project management skills with the ability to lead and execute security risk and control projects and initiatives on time with multiple stakeholders
- Ability to work at the New York or DC office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs
Preferred Qualifications
- Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
Minimum of 5 years of experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39.
- Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
- CISM, CISA, CISSP, CCSP, CASP, Security , CRISC, CGEIT, GSEC, or other relevant certifications
About TikTok
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok Accommodation
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/RA-request
Job Information
【For Pay Transparency】 Compensation Description (Annually) - Washington, DC
The base salary range for this position in the selected city is 106920 - 176400 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.
The Governance, Risk, & Compliance (GRC) Security Risk Management Senior Analyst involves performing comprehensive cybersecurity risk assessments to identify, assess, treat, and monitor cybersecurity risks throughout our products and enterprise. You will be responsible for working closely with cross-functional partners to evaluate risks and develop innovative mitigation strategies, provide ongoing compliance risk mitigation support, and lead various risk management projects. You would be a great fit for this role if you are enthusiastic about:
1. Maturing an industry-leading security risk management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge in the realm of cybersecurity and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate risks faced by our organization
Responsibilities
As a Governance, Risk, & Compliance (GRC) Risk Management Senior Analyst, you will be responsible for:
- Planning, developing, implementing, maintaining, and managing Cybersecurity Risk Management framework based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39)
- Implementing and supporting scalable processes and procedures for the security risk management lifecycle including risk assessments, treatment, and monitoring
- Collaborating with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis
- Continuously monitoring the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status
- Maintaining exception and acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria per business line
- Mentor, coach, and train security staff and security risk analysts
Qualifications
Minimum Qualifications:
- Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience drafting and driving risk mitigation strategies with risk owners to ensure effective implementation and management of risk treatment plans.
- Team player and motivated self-starter who is resourceful and has the ability to work collaboratively with multiple stakeholders across different products, business lines, and regions
- Excellent verbal communication skills with the ability to translate complex technical concepts into business language
- Strong project management skills with the ability to lead and execute security risk and control projects and initiatives on time with multiple stakeholders
- Ability to work at the New York or DC office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs
Preferred Qualifications
- Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
Minimum of 5 years of experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39.
- Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
- CISM, CISA, CISSP, CCSP, CASP, Security , CRISC, CGEIT, GSEC, or other relevant certifications
About TikTok
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok Accommodation
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/RA-request
Job Information
【For Pay Transparency】 Compensation Description (Annually) - Washington, DC
The base salary range for this position in the selected city is 106920 - 176400 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
