hy experience.
About This Role:
SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains.
The role will be responsible for design and development of Product Security technical controls required by security policy and regulations. The validation targets include product security of TikTok product family and Secure SDLC process. It will provide a solid foundation to evaluate maturity for TikTok product family and Secure SDLC. This role ensures product security governance is embedded into every stage of development, enabling scalable compliance while fostering collaboration across teams.
Responsibilities:
- Establish and operate a governance committee, aligning cross-functional stakeholders to define unified process strategies.
- Develop and implement accountability frameworks (e.g., RACI) to clarify roles, validation mechanisms, and execution ownership across the product security lifecycle.
- Design and maintain a centralized inventory of product security controls, documenting ownership, integration points, and compliance gaps.
- Drive automated metrics monitoring and reporting mechanisms to ensure adherence to standards.
- Embed product security validation service into business development lifecycle, maintain daily operation, and iterate process flow continuously.
- Assess governance effectiveness, identify optimization opportunities, and integrate controls into existing workflows.
Qualifications
Minimum Qualifications
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or related fields
- 3+ years of experience in cybersecurity technologies or operations, including areas such as penetration testing, secure SDLC, security development, compliance, and governance.
- Strong cross-functional communication and consensus-building skills; ability to drive complex initiatives.
- Excellent problem-solving and analytical skills.
- Excellent data analysis and insight extraction skills.
Preferred Qualifications
- Proven track record in building governance committees, governance frameworks, or control inventories.
- Deep knowledge of security standards (e.g., ISO 27001, NIST) and translating regulatory requirements into operational processes.
- Certifications such as CISSP, CSSLP, CEH, or equivalent.