3rd Party Compliance Analyst

Washington, DC
Apr 05, 2021
Apr 09, 2021
Analyst, IT, QA Engineer
Full Time
Responsibilities

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices, including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo.

The Global Security Organization provides industry-leading security and privacy services to ByteDance, globally. Our organization uses four principles that guide our strategic and tactical operations. First, we champion trust and transparency, leading the charge in organizational transparency and execution of security and privacy capabilities that drive customer trust. Second, we are a business catalyst and enabler, embodying the DNA of technical innovation. Third, we drive risk-informed and empowered decision making, giving our business leaders the information needed to make key decisions. Finally, we proactively identify and reduce risk while enabling innovative product development to consistently build sustainable world-class security capabilities.

TikTok is seeking a 3rd Party Compliance Analyst to be part of a team that will proactively manage risks introduced by third party vendors and business partners. This team will gather requirements from key business stakeholders, i.e. IT Security, Global Procurement, etc. You and the team will establish and manage the third party risk assessment process, including tiering mechanisms for intake and decision outputs. You will configure and operationalize third party risk assessment tools. Part of the responsibility will include educating business stakeholders on risk outputs and driving business decisions. Your team will support audits as well as remediation of risks introduced by third parties.

The candidate must have expert skills in controls evaluation and design.
The candidate must also have the ability to communicate well, motivate and lead cross-functional and individual contributor teams independently, participate in coordinating response and corrective actions over a variety of security disciplines, and disseminate technical information as appropriate in support of TikTok's critical business, go-to-market, and operational infrastructure needs.

* Manages 3rd party risk assessment results, develops third party security requirements, drafts contract language and third party reports, and owns the list of approved vendors.
* Manages 3rd party risk reporting and continuously updates inventory of top risks to TikTok.
* Manages 3rd party compliance and audit findings reporting, providing support to compliance assessments. Collaborates on internal audit finding management, and manages external audit findings.

Qualifications

Education:

Bachelor's degree in Security or equivalent privacy, audit, compliance, project management or like discipline from an accredited college or university or measurable knowledge / experience from proven industry, military, defense, or government operations.

Experience:

* 3 years of third party controls experience
* Industry relevant certification (CISA, CISSP, etc.)
* Experience in a risk management role in a global enterprise
* Experience reporting within a global enterprise, developing a culture of risk-informed decision making
* Experience executing control evaluation and management processes in a fast-paced, technical environment

Technical Skills (desired):

* Expert knowledge of controls frameworks
* Competent in the usage of modern GRC tooling
* Excellent fundamental knowledge of industry standard frameworks (FAIR, COBIT, NIST CSF, SOC2, ISO27001, etc.)
* Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives.
Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We believe individuals shouldn't be disadvantaged because of their background or identity, but instead should be considered based on their strengths and experience. We are passionate about this and hope you are too.