Responsibilities

The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience. The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization’s cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements. The Security Strategy, Risk and Resilience (SRR) Third Party Security Senior Analyst role involves performing comprehensive cybersecurity risk assessments to reduce security risks related to ByteDance's use of third parties. You will have the opportunity to both conduct third party security assessments and monitor and reduce third party security risk for the company. You will work closely with cross-functional partners to evaluate third party risks and develop innovative mitigation and remediation strategies, provide ongoing compliance risk mitigation support, and lead various third party risk management projects. You would be a great fit for this role if you are enthusiastic about: 1. Maturing an industry-leading third party security management program alongside a team of outstanding individuals 2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges 3. Learning quickly and often with a strong appetite for acquiring new knowledge and staying up-to-date on current emerging trends 4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate third party risks Responsibilities As a Governance, Risk, & Compliance (GRC) Third Party Security Senior Analyst, you will be responsible for: - Conducting security assessments of ByteDance's third parties, which involves evaluating potential security risks before engaging with third-party vendors - Support third-party monitoring and offboarding operations by implementing processes for ongoing security monitoring - Assess, monitor, and manage the security risks associated with external vendors, suppliers, or service providers and report findings to various stakeholders - Mature the process for handling security incidents related to third parties and assist with investigating and responding to security incidents - Collaborate with Procurement, Legal, Compliance, IT, and Business Units to ensure a consistent and effective security risk management approach, including enhancing third-party contract management with risk-related clauses and SLAs - Drive automation and efficiency in risk assessments, monitoring, and reporting by leveraging technology solutions

Qualifications

Minimum Qualifications: - Experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39 - Strong project management skills with the ability to lead and execute third party security risk management processes - Excellent verbal and written communication skills with the ability to document, communicate, and report third party security assessments and issues - Ability to work hands-on with cross-functional teams including legal, procurement, information security, business continuity, privacy, and IT engineering - Ability to work at the Washington DC office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs Preferred Qualifications - Bachelor’s degree in risk or equivalent privacy, security, compliance, project management, or like discipline from an accredited college or university or measurable knowledge/experience from proven industry, military, defense, or government operations. - CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

Job Information