Governance, Risk, & Compliance (GRC) Compliance Assurance Specialist

TikTok

4.5

(6)

Washington, DC

Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.
  • #A171197A

    Position summary

    des industry-leading cybersecurity and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.

    The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.

    The Compliance Assurance Specialist will be a key member of the Governance, Risk, & Compliance (GRC) team, responsible for numerous compliance initiatives with a specific focus on leading and continuously improving the issues management program. This role will also involve performing comprehensive scoping, control assessments, and audit facilitation to ensure the organization's adherence to cybersecurity frameworks and regulatory requirements. You would be a great fit for this role if you are enthusiastic about:

    • Creating and implementing an industry-leading issues management program with comprehensive reporting
    • Maturing an industry-leading cybersecurity compliance management program for individual product lines and business initiatives, which includes monitoring of controls and remediation of gaps
    • Determining issue severity and impact on business based on quantitative metrics
    • Ensuring the successful resolution of findings identified through internal and external audits, risk and control assessments, incidents, and other remediation efforts within the organization
    • Collaborating with exceptional compliance team members in effectively identifying, assessing, and managing cybersecurity risk and control frameworks
    • Coordinating with external auditors, process/control owners, and other key stakeholders to streamline the audit process, gaining efficiencies and improving reporting across the audit life cycle.

    Responsibilities

    • Leading and coordinating the organization's response to cybersecurity issues identified through various inputs, such as control gaps, external and internal audits, and incidents
    • Managing and owning the issues management lifecycle, which includes identifying, validating, mitigating, and reporting on the progress of remediation
    • Providing strategic guidance to remediation owners, fostering a culture of proactive risk management
    • Supporting the scoping and implementation of the cybersecurity compliance management program for individual product lines and business initiatives, ensuring readiness and alignment with industry best practices and regulatory requirements (ISO 27001, PCI-DSS, SOC 2, etc.)
    • Performing control design and operating effectiveness reviews to identify changes impacting security operations and supporting continuous control monitoring
    • Monitoring business activities by collaborating with cross-functional team leaders to ensure the organization maintains compliance with external certifications

    Qualifications

    Minimum Qualifications:

    • Previous experience building and/or leading an issues management program
    • Experience in overseeing risk management programs, including cyber risk assessments, exception processes, and third-party risk assessments
    • In-depth knowledge and experience of cybersecurity frameworks such as ISO 27001, PCI-DSS, SOC 2, NIST CSF, and other regulatory requirements
    • Experience collaborating with engineering, business, and security partners, including incident response, red teams, architects, and other product teams
    • Excellent written communication skills for documenting, communicating, and reporting security assessments
    • Strong project management skills with the ability to lead security assessment projects on time with multiple stakeholders
    • Ability to work at the D.C. office for 3 days per week and travel to other offices as required

    Preferred Qualifications

    • Experience leading strategic initiatives and driving security compliance programs end-to-end
    • Technical expertise to provide remediation recommendations to security partners, including architects, engineers, and product teams
    • Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
    • CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

    TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

    TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/cdpT2
