@2025 TikTok
Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remain safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.
Role
This role is for a strategic and hands-on cybersecurity practitioner who will be a key player in securing our company's vendor ecosystem. You'll work on the front lines of third-party risk management, moving beyond checkbox assessments to proactively identify, assess, and mitigate risks from our critical vendors and partners. Your work will directly protect our users and business operations. If you are a curious, driven, and collaborative security professional who wants to build and mature a world-class third-party security program, this is the role for you. We're looking for someone who can thrive in a fast-paced environment and isn't afraid to take on complex challenges.
Responsibilities
As Security Strategy, Risk, and Resilience (SRR) Third Party Security Senior Analyst, you will be responsible for:
- Conduct In-Depth Security Assessments: Lead technical and procedural security assessments of our third-party vendors, partners, and suppliers. This includes reviewing security documentation and performing technical due diligence to identify potential vulnerabilities and control gaps.
- Develop and Manage Strategic Risk Mitigation: Partner with stakeholders (e.g., Legal, Procurement, IT, and business units) to develop and implement innovative, risk-based mitigation and remediation strategies for identified issues.
- Mature the Third-Party Security Program: Play a critical role in enhancing our third-party security management program, incorporating best practices for due diligence, continuous monitoring, and offboarding. Drive program maturity through automation and process improvements.
- Proactive Threat & Vulnerability Monitoring: Utilize and integrate leading security tools to continuously monitor our third-party ecosystem, providing dynamic risk reporting and early alerts to stakeholders.
- Be a Security Champion: Advocate for and educate
Qualifications
Minimum Qualifications:
- Demonstrated experience in developing and managing cybersecurity risk frameworks such as NIST CSF, ISO 27001, SOC 2, and others
- Proficiency in conducting technical and procedural security assessments. You know what to look for and can articulate complex security issues to both technical and non-technical audiences
- Strong project management skills with a proven ability to manage multiple projects simultaneously, meet deadlines, and work effectively with diverse teams
- Ability to articulate complex security risks and recommendations clearly and concisely to leadership and stakeholders
- Deep understanding of how cybersecurity impacts business operations. You can connect technical risks to business outcomes
- Ability to work a hybrid schedule from the Washington, D.C. TikTok Office at least 3 times a week
Preferred Qualifications:
- 5 years of hands-on experience in a cybersecurity role, with a strong focus on third-party risk management, risk assessments, controls assessments, or vendor risk
- Experience in the technology industry
- Relevant industry certifications such as CISSP, CISM, CISA, CRISC, or similar
- A bachelor's degree in a relevant field (e.g., Cybersecurity, Computer Science, Information Systems) or equivalent practical experience
- Experience with GRC (Governance, Risk, and Compliance) platforms and automation tools used for third-party risk management
- A solid understanding of cloud security principles (e.g., AWS, Azure, GCP) and how they apply to third-party risk
Job Information
【For Pay Transparency】 Compensation Description (Annually) - Washington, DC
The base salary range for this position in the selected city is 106920 - 176400 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
About TikTok
TikTok is the leading destination for short-form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok's global headquarters are in Los Angeles and Singapore, and we also have offices in New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.
Why Join Us
Inspiring creativity is at the core of TikTok's mission. Our innovative product is built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and bring joy - a mission we work towards every day.
We strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. Every challenge is an opportunity to learn and innovate as one team. We're resilient and embrace challenges as they come. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok Accommodation
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/RA-request