Security Certifications Specialist - USDS (DC)




Washington, DC


Position summary

About TikTok

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo.

Why Join Us

Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day. To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve. Join us.

About USDS

At TikTok, we're committed to a process of continuous innovation and improvement in our user experience and safety controls. We're proud to be able to serve a global community of more than a billion people who use TikTok to creatively express themselves and be entertained, and we're dedicated to giving them a platform that builds opportunity and fosters connection. We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data.

U.S. Data Security (“USDS”) is a standalone department of TikTok in the U.S. This new security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and user data in the U.S., so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.

Team Intro

The USDS Security - Risk & Compliance team is responsible for managing USDS security compliance in accordance with US compliance requirements and objectives, and providing industry leading governance, risk, and compliance services. The core service offerings include: Compliance & Security Risk Management, Controls & Compliance Framework, Security Compliance Policies, Charters, & Protocols, Vendor Program & Third-Party Risk Management, Governance, Risk, & Compliance (GRC) Platform, and Security & Compliance Behavior & Culture.

Responsibilities

TikTok is seeking a Security Certifications Specialist to be part of the USDS Security Risk and Compliance team that will lead planning and strategy, readiness, and coordination for security certifications and attestations (ISO, SOC, PCI, etc.) and help manage the control environment. You will be responsible for collaborating with cross-functional control owners to consult and provide guidance for the design and implementation of key security and compliance controls. The team is also responsible for documenting security controls and processes to provide transparency to internal and external stakeholders. The team is also responsible for collecting evidence, testing, and monitoring the control environment, to ensure the ongoing effectiveness of controls. You will work with compliance and external audit teams to ensure that the controls satisfy requirements. You will also collaborate with the Risk team to support remediation efforts. The candidate must have skills in controls evaluation and design and working knowledge of industry leading security standards (i.e., ISO 27001, NIST CSF, ISO 27701, etc.). It is preferred that the candidate have familiarity with cybersecurity technologies across multiple domains (i.e., access management, data loss prevention, threat monitoring, etc.). The candidate must also have the ability to communicate well.

Qualifications:

  • Minimum 4+ years of IT risk and security controls experience
  • Experience in a security and/or IT risk management role
  • Experience in fulfilling or working with external security certification auditors
  • Strong writing and documentation skills; you are clear, concise, confident, and unafraid to present your ideas
  • Foundational knowledge in IT and security domains (Identity and Access Management, Configuration Management, Vulnerability Management, Incident Management, etc.) and familiarity with technologies and tool stacks across these domains
  • Experience performing internal/external control testing as security control assessor or supporting security compliance as internal compliance resources of physical and cloud infrastructure
  • Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance
  • Foundational knowledge of IT and security control frameworks (e.g., NIST-CSF, NIST 800-53, PCI-DSS, CIS Security Controls, ISO 27001, ISO 27017, etc.)
  • Familiar with the usage of modern GRC tooling (i.e., Archer, ServiceNow)
  • Demonstrated teamwork and collaboration skills, in particular in working with or contributing to multi-functional teams

Bonus Points:

  • One of the following certifications, or equivalent certifications: CISA, CDPSE, CISSP, CISM, CRISC, etc.
  • Previous experience working with engineering teams to help them understand control requirements
  • Contribute to, maintain, and update cybersecurity control library
  • Experience testing technical controls

D&I Statement

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Accommodation Statement

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at usds.accommodations@

Why you should apply for a job to TikTok:

  • 5/5 in overall job satisfaction

  • 4.3/5 in supportive management

  • 100% say women are treated fairly and equally to men

  • 100% would recommend this company to other women

  • 100% say the CEO supports gender diversity

  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.

  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.

  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.