Third Party Risk Management Lead




New York, NY


Position summary

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.

Why Join Us Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day. To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve. Join us.

The Global Security Organization provides industry-leading cyber-security and business protection services to TikTok globally. Our organization employs four principles that guide our strategic and tactical operations. Firstly, we Champion Transparency & Trust by leading the charge in organizational transparency, prioritizing customer trust, and placing user needs first. Secondly, we aim to maintain Best in Class Global Security by proactively identifying and reducing risks while enabling innovative product development. We constantly work towards a sustainable world-class security capability. Thirdly, we strive to be a Business Catalyst & Enabler by embodying the DNA of technical innovation and ensuring our Global Security operations are fast and agile. Finally, we Drive Empowered & Risk-Informed Decision Making by providing our leaders with the necessary information to make agile decisions based on risk. In order to enhance collaboration and cross-functional partnerships, our organization follows a hybrid work schedule that requires employees to work in the office for 2 to 3 days a week, as directed by their manager. We regularly review our hybrid work model, and the specific requirements may change at any time.

As a direct report to the Global Third Party Security Management (TPSM) Lead, you will join a dynamic team that is responsible for reducing the security risk related to ByteDance's use of third parties. In support of that responsibility, you will have the unique opportunity to oversee and mature third party security operations and lead influential projects that further third party risk management objectives.


  • Coordinate with the EMEA TPSM Senior Specialist on operational oversight and performance management of the Third Party Security Management team. This includes:
    • Further development of internal operating procedures and SLAs to foster efficiency and consistent performance across third party onboarding, monitoring and offboarding assessments
    • Prioritize and assign security assessment requests amongst the team, across timezones
    • Executive presence in reporting program accomplishments and challenges in order to further mature and integrate with centralized risk management functions
    • Review, supervise and approve third party security assessments
    • Develop solutions for complex security and third party matters
    • Managing, administering and optimizing the use of industry leading security tools
    • Collaborate with stakeholders to determine risk tolerance and develop risk mitigation strategies
  • Operationalize partnerships with cross-functional teams through the sharing of data, augmentation of procedure and formalization of processes
  • Lead and execute strategic projects that further the mission of the GSO
  • Advocate GSO capabilities to business stakeholders by demonstrating value and fostering awareness
  • Develop innovative solutions to help evaluate complex business, technology, and risk issues in a fast paced environment
  • 6+ years of third party risk management or related security experience
  • Expert understanding of:
    • Information Security leading practices
    • Third party relationships and the interdependencies of technology and risk
    • Risk management leading practices
    • Control frameworks and industry standards (FAIR, COBIT, NIST CSF, SOC, ISO, etc.)
  • The ability to influence cross-organizational change with departments like legal, procurement, information security, business continuity, privacy, and IT engineering
  • Experience leading high performing multi-national teams
  • Experience managing projects to completion and demonstrating successful outcomes
  • Experience balancing security leading practice with business objectives
  • A highly motivated individual, with strong communication and relationship-building skills that demonstrates a record of ongoing accomplishments and commitment to excellence
  • Accustomed to working in a highly dynamic, startup-like environment. Adaptable to changing and/or emerging priorities
  • Industry relevant certification (CISSP, CISA, Security+, etc.)

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://gprd.accommodations@

#LI-Hybrid The base salary range for this position in the selected city is $147200 - $269800 annually.​Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.​At ByteDance/TikTok our benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support ByteDancers to give their best in both work and life. We offer the following benefits to eligible employees: ​We cover 100% premium coverage for employee medical insurance, approximately 75% premium coverage for dependents and offer a Health Savings Account(HSA) with a company match. As well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition to Flexible Spending Account(FSA) Options like Health Care, Limited Purpose and Dependent Care. ​Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off(PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability. ​We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra. A 401K company match, gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Why you should apply for a job to TikTok:

  • 4.5/5 in overall job satisfaction

  • 4.5/5 in supportive management

  • 100% say women are treated fairly and equally to men

  • 100% would recommend this company to other women

  • 100% say the CEO supports gender diversity

  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Employee well-being is supported via hybrid work, short-term counseling through our EAP and a premium subscription to Headspace.

  • We embrace diversity across all dimensions and provide employees with 9 employee resource groups globally, including our WOMEN ERG.

  • Comprehensive parental leave policy as well as fertility treatment through healthcare providers with a $20,000 lifetime maximum.