100% say women are treated fairly and equally to men
100% would recommend this company to other women
100% say the CEO supports gender diversity
Ratings are based on anonymous reviews by Fairygodboss members.
Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.
Position summary
ach service
Develop strategic plans and underlying OKRs to achieve these initiatives
Challenge the status quo of manual operations and work to implement technology-driven solutions to achieve greater coverage (i.e., control testing) and lower manual efforts (i.e., policy development, TPRM assessments)
Partner across the Security & Privacy organization and business teams to proactively align GRC operations to changing business priorities and objectives; work closely with business teams to develop ongoing compliance testing strategies
Develop metrics and reporting to communicate business initiatives and risks to the broader security and compliance organization
Collaborate with compliance assurance and compliance reporting functions to support regulatory reporting initiatives
Qualifications
Minimum Qualifications:
Experience managing multiple teams and services, to align to consistent objectives, and ability to develop talent
Experience performing internal/external control testing as a security control assessor, or supporting security compliance as an internal compliance resource for physical and cloud infrastructure
Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance
Expert knowledge of IT and security control frameworks (e.g., NIST-CSF, NIST 800-53, PCI-DSS, CIS Security Controls, ISO 27001, ISO 27017, etc.)
Excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal skills while proactively seeking input
Ability to collaborate with operations and engineering teams, easily partner and forge relationships with cross-functional teams and stakeholders, communicate technical concepts to a broad range of technical and non-technical staff, provide compliant solutions, and communicate appropriately to a wide range of audiences, with a collaborative mindset
Familiar with the usage of modern GRC tooling (i.e., Archer, ServiceNow)
Preferred Qualifications:
Start-up high-tech experience
One of the following certifications, or equivalent certifications: CISA, CDPSE, CISSP, CISM, CRISC, etc.
Experience with risk and controls frameworks, including ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, ISO 31000, etc.
Why you should apply for a job to TikTok:
4.5/5 in overall job satisfaction
4.5/5 in supportive management