CommunityJobsAdviceEventsReviewsFor EmployersFor ClientsCoach Connect
CommunityJobsAdviceEvents
JOB SEARCH

Governance Risk & Compliance, Senior Third Party Security Analyst - Global Security Organization

TikTok

4.5

(6)

Washington, DC

Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
    • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.

    • #7483595545916803346

    Position summary

    Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.

    The Governance, Risk, & Compliance (GRC) Third Party Security Senior Analyst role involves performing comprehensive cybersecurity risk assessments to reduce security risks related to ByteDance's use of third parties. You will have the opportunity to both conduct third party security assessments and monitor and reduce third party security risk for the company. You will work closely with cross-functional partners to evaluate third party risks and develop innovative mitigation and remediation strategies, provide ongoing compliance risk mitigation support, and lead various third party risk management projects. You would be a great fit for this role if you are enthusiastic about:

    1. Maturing an industry-leading third party security management program alongside a team of outstanding individuals
    2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
    3. Learning quickly and often with a strong appetite for acquiring new knowledge and staying up-to-date on current emerging trends
    4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate third party risks

    Responsibilities
    As a Governance, Risk, & Compliance (GRC) Third Party Security Senior Analyst, you will be responsible for:

    • Conducting security assessments of ByteDance's third parties, which involves evaluating potential security risks before engaging with third-party vendors
    • Support third-party monitoring and offboarding operations by implementing processes for ongoing security monitoring
    • Assess, monitor, and manage the security risks associated with external vendors, suppliers, or service providers and report findings to various stakeholders
    • Mature the process for handling security incidents related to third parties and assist with investigating and responding to security incidents
    • Collaborate with Procurement, Legal, Compliance, IT, and Business Units to ensure a consistent and effective security risk management approach, including enhancing third-party contract management with risk-related clauses and SLAs
    • Drive automation and efficiency in risk assessments, monitoring, and reporting by leveraging technology solutions

    Qualifications

    Minimum Qualifications:

    • Experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39
    • Strong project management skills with the ability to lead and execute third party security risk management processes
    • Excellent verbal and written communication skills with the ability to document, communicate, and report third party security assessments and issues
    • Ability to work hands-on with cross-functional teams including legal, procurement, information security, business continuity, privacy, and IT engineering
    • Ability to work at the London, New York City, Washington DC or San Jose office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs

    Preferred Qualifications

    • Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
    • Bachelor's degree in risk or equivalent privacy, security, compliance, project management, or like discipline from an accredited college or university or measurable knowledge/experience from proven industry, military, defense, or government operations.
    • CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

    Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
    • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.