Governance, Risk, & Compliance (GRC) Security Risk Senior Analyst

TikTok
San Jose
Full-time

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.

Why Join Us

Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day. To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve. Join us.

The Global Security Organization provides industry-leading cybersecurity and business protection services to TikTok globally.

Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk.

In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.

The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.

The Governance, Risk, & Compliance (GRC) Security Risk Management Senior Analyst role involves performing comprehensive cybersecurity risk assessments to identify, assess, treat, and monitor cybersecurity risks throughout our products and enterprise. You will be responsible for working closely with cross-functional partners to evaluate risks and develop innovative mitigation strategies, provide ongoing compliance risk mitigation support, and lead various risk management projects.

You would be a great fit for this role if you are enthusiastic about:

1. Maturing an industry-leading security risk management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge in the realm of cybersecurity and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate risks faced by our organization

Responsibilities

As a Governance, Risk, & Compliance (GRC) Risk Management Senior Analyst, you will be responsible for:

- Planning, developing, implementing, maintaining, and managing a Cybersecurity Risk Management framework based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39)
- Implementing and supporting scalable processes and procedures for the security risk lifecycle management including risk assessments, treatment, and monitoring
- Collaborating with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis
- Continuously monitoring the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status
- Maintaining exception and acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria per business line
- Mentoring, coaching, and training security staff and security risk analysts

Minimum Qualifications:

- Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Team player and motivated self-starter who is resourceful and has the ability to work collaboratively with multiple stakeholders across different products, business lines, and regions
- Excellent verbal communication skills with the ability to translate complex technical concepts into business language
- Strong project management skills with the ability to lead and execute security risk and control projects and initiatives on time with multiple stakeholders
- Ability to work at the San Jose office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs

Preferred Qualifications:

- Minimum of 5 years of experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39.
- Minimum of 5 years of cybersecurity experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
- Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

28 days ago