fessional? Have you successfully worked with organizations to ensure compliance with international laws, regulations, and standards to safeguard information and maintain confidentiality, integrity and availability of data?
If yes, then you may be a great fit in a new and challenging environment where you will be involved in every aspect of Data Center information security management, globally.
As a Risk & Compliance professional, you are responsible for ensuring Data-System-Infrastructure Engineering procedures and processes comply with regulatory, security and privacy standards (such as ISO 27001, PCI-DSS and GDPR).
This role determines whether SOPs, processes and controls sufficiently safeguard information, maintain data integrity, and allow organizational goals to be achieved effectively.
Since TikTok provides services on a global scale, this role requires a global view and approach in its day-to-day operations.
- Ensure adherence to the compliance requirements of ISO 27001, PCI-DSS, GDPR and other applicable federal, state and international regulations.
- Work with the Infrastructure Engineering teams to define and refine a security strategy and information security framework tailored to the risks we manage across our data systems landscape.
- Assess and enforce security policies, standards, procedures and guidelines to protect information assets and systems.
- Support periodic risk assessments and identify strategic opportunities to adopt industry-leading security and compliance standards.
- Support the implementation of security controls and best practices to strengthen the security posture of the entire Edge product stack across our data systems engineering landscape.
- Work with IT teams to identify vulnerabilities, implement security measures and establish risk management frameworks to protect the organization's information assets.
- Interact with auditors on matters related to audits of the organization's internal controls.
- Translate non-compliant findings and control requirements into easy-to-understand, actionable items for business and process owners.
- Collaborate with cross-functional teams to facilitate remediation of control gaps.
- Serve as a point of contact for violations of, or non-conformance to, regulations, policies and procedures.
- Develop and maintain governance, risk and compliance documentation.
- Lead Data-System-Infrastructure Engineering informational and training sessions on topics related to compliance and information security management best practice.
- Efficiently and accurately establish metrics and deliver against them in a robust, validated, consistent and repeatable process.
- Provide regular reporting on the current status of the information security program.
- Bachelor's degree in Business, Risk Management, Computer Science or Information Security.
- A minimum of 5-7 years' experience in risk and information security management or a similar position.
- Holds a CRISC or CISSP qualification.
- Applied knowledge of the Edge product stack and architecture, of the logical and network layers of data center systems, and of how to secure them, e.g. effective management of vulnerability and patch management programs, and implementation of safeguards at the logical layer such as ACL, WAF and API gateway management.
- Outstanding communication and interpersonal abilities.
- Strong managerial, planning and communication skills.
- A strong delivery and project management background.
- Extensive knowledge of ISO 27001, PCI-DSS and their application.
- 10+ years of technology, information security, information risk management, consulting or related experience.
- CISA or CISM qualification a plus.
- Knowledge in the following areas: data centers and their operations, Business Impact Analysis (BIA), Risk Assessment (RA), Incident Response (IR), Business Process Improvement/Reengineering (BPI/BPR).
- Excellent verbal and written communication skills, especially in translating business requirements into technical requirements.
- Ability to independently manage multiple priorities and complex program components.
- Ensure strong oversight of all information security risks and give Business Partners visibility of existing and emerging risks.
- Build and maintain strong influencing relationships with Business Partners and SMEs such as Edge product teams, SRE, global security, Security Assurance, Legal, Compliance, BCP, Audit and BRCM.
- Lead or support other risk function initiatives as the subject matter expert for information security.
- Ensure information security risk management activities conform to regulatory requirements, Group Policy and local procedures.
- Proactively work with cross-functional teams and business partners to identify areas of risk and reduce, mitigate or eliminate information security risk across data systems.
- Collaborate on risk management efforts between the various risk functions within the Infrastructure Engineering teams.
- Takes a proactive, self-starter approach, can communicate at all levels and negotiates with diplomacy.
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at [email protected]
[For Pay Transparency] Compensation Description (annually)
The base salary range for this position in the selected city is $150,000 - $238,000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Our company benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support our employees to give their best in both work and life. We offer the following benefits to eligible employees:
We cover 100% of the premium for employee medical insurance and approximately 75% of the premium for dependents, and offer a Health Savings Account (HSA) with a company match, as well as Dental, Vision, Short/Long Term Disability, Basic Life, Voluntary Life and AD&D insurance plans, in addition to Flexible Spending Account (FSA) options such as Health Care, Limited Purpose and Dependent Care.
Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off (PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.
We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra, a 401K company match, and gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice.