Security Strategy, Risk and Resilience (SRR) Senior Third Party Security Analyst - Global Security Organization

TikTok

Washington, DC

Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 100% say women are treated fairly and equally to men
  • 100% would recommend this company to other women
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.
  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.
  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.

    Position summary

    The Security Governance, Risk, and Compliance team works closely with cross-functional partners to manage security risks and ensure we meet all industry cybersecurity compliance standards and government regulations. It does this by developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up to date on global compliance initiatives.
    Role
    This role is for a strategic and hands-on cybersecurity practitioner who will be a key player in securing our company's vendor ecosystem. You'll work on the front lines of third-party risk management, moving beyond checkbox assessments to proactively identify, assess, and mitigate risks from our critical vendors and partners. Your work will directly protect our users and business operations.

    If you are a curious, driven, and collaborative security professional who wants to build and mature a world-class third-party security program, this is the role for you.

    We're looking for someone who can thrive in a fast-paced environment and isn't afraid to take on complex challenges.

    Responsibilities
    As Security Strategy, Risk, and Resilience (SRR) Third Party Security Senior Analyst, you will be responsible for:

    • Conduct In-Depth Security Assessments: Lead technical and procedural security assessments of our third-party vendors, partners, and suppliers. This includes reviewing security documentation and performing technical due diligence to identify potential vulnerabilities and control gaps.
    • Develop and Manage Strategic Risk Mitigation: Partner with stakeholders (e.g., Legal, Procurement, IT, and business units) to develop and implement innovative, risk-based mitigation and remediation strategies for identified issues.
    • Mature the Third-Party Security Program: Play a critical role in enhancing our third-party security management program, incorporating best practices for due diligence, continuous monitoring, and offboarding. Drive program maturity through automation and process improvements.
    • Proactive Threat & Vulnerability Monitoring: Utilize and integrate leading security tools to continuously monitor our third-party ecosystem, providing dynamic risk reporting and early alerts to stakeholders.
    • Be a Security Champion: Advocate for and educate

    Qualifications

    Minimum Qualifications:

    • Demonstrated experience in developing and managing cybersecurity risk frameworks such as NIST CSF, ISO 27001, SOC 2, and others
    • Proficiency in conducting technical and procedural security assessments. You know what to look for and can articulate complex security issues to both technical and non-technical audiences
    • Strong project management skills with a proven ability to manage multiple projects simultaneously, meet deadlines, and work effectively with diverse teams
    • Ability to articulate complex security risks and recommendations clearly and concisely to leadership and stakeholders
    • Deep understanding of how cybersecurity impacts business operations. You can connect technical risks to business outcomes
    • Ability to work a hybrid schedule from the Washington, D.C. TikTok Office at least 3 times a week

    Preferred Qualifications

    • 5 years of hands-on experience in a cybersecurity role, with a strong focus on third-party risk management, risk assessments, controls assessments, or vendor risk
    • Experience in the technology industry
    • Relevant industry certifications such as CISSP, CISM, CISA, CRISC, or similar
    • A bachelor's degree in a relevant field (e.g., Cybersecurity, Computer Science, Information Systems) or equivalent practical experience
    • Experience with GRC (Governance, Risk, and Compliance) platforms and automation tools used for third-party risk management
    • A solid understanding of cloud security principles (e.g., AWS, Azure, GCP) and how they apply to third-party risk
