Responsibilities

About the Team: The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross-functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security. We are seeking a senior counsel to lead our legal response to information security incidents and support broader security compliance initiatives. This attorney will work closely with our Product, Privacy, Security, and Public Policy teams to strengthen incident response readiness, ensure regulatory compliance, and safeguard user trust. In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time. Responsibilities: - Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners. - Counsel internal teams through the full incident lifecycle—detection, investigation, containment, remediation, and post-incident review—with a focus on legal risk mitigation and regulatory exposure. - Oversee legal strategy for incident-related communications, including drafting and reviewing breach notifications to regulators and affected users. - Develop and maintain USDS-specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams. - Support and lead legal input for incident simulations, tabletop exercises, and after-action reviews. - Advise on privilege considerations and lead efforts to preserve and document incident-related evidence. - Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols. - Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design. - Deliver training to cross-functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege. - Support integration of incident data and trends into broader compliance and risk management processes, including third-party risk, audits, and internal controls.

Qualifications

Minimum Qualifications - J.D. from an ABA-accredited law school - Active membership in good standing with a U.S. state bar - 5+ years of legal experience advising on information security or privacy issues, ideally within a technology company or fast-paced in-house environment - Experience leading legal response to security incidents and engaging with regulators on breach reporting obligations - Deep familiarity with U.S. cybersecurity and privacy laws (e.g., GLBA, COPPA, and CCPA/CPRA) and awareness of global frameworks (e.g., GDPR) - Demonstrated ability to work across time zones and functions, including Security, Compliance, and Trust and Safety teams - Strong writing and communication skills, particularly in high-pressure situations requiring precision, speed, and judgment Preferred Qualifications: - 5+ years of management experience in law firm or in-house roles supporting enterprise cybersecurity matters - Background in platform security, content moderation, or user-generated content risk - Experience with regulatory enforcement, audits, or litigation related to cybersecurity or privacy - Familiarity with technical concepts relevant to platform architecture, threat detection, and digital forensics - Ability to manage high-stakes, time-sensitive matters while balancing legal risk with practical considerations - Experience closely partnering with business stakeholders and operationalizing legal frameworks through playbooks, training, and controls

Job Information