TikTok
Overview
The Privacy Risk Analyst role contributes to key operational functions ensuring the privacy of US user data on the TikTok platform. The ideal candidate possesses a deep understanding of security and privacy risk concepts, experience deploying and maintaining risk management frameworks, and performing privacy risk assessments and control alignments. This is a hybrid role, with in-office requirements as directed by the manager/department. Responsibilities
Perform privacy impact assessments and external information sharing privacy reviews to drive risk identification and reduction associated with product and feature launches and third-party engagements. Support the development, implementation, and documentation of the privacy risk management framework and corresponding processes in adherence with security principles and industry frameworks. Draft operating procedures and document the engagement model with internal partners to drive effective collaboration. Champion privacy risk management for USDS, ensuring TikTok products and operations align with applicable global, US and state privacy regulations. Partner with global legal, R&D, security, data protection and privacy risk management teams to advance sound privacy practices through continuous risk reduction. Support the management of the privacy risk register through prioritization and tracking of risk materiality, and communication of privacy risk findings and mitigation strategies with partner teams and leadership. Perform risk monitoring, managing the risk remediation process, ensuring risk treatment plans are executed effectively. Support risk reporting and socialization to inform stakeholders and risk owners. Understand enterprise business relationships and processes to ensure privacy risks are identified and managed throughout the business lifecycle. Engage in special projects and assume additional responsibilities as the team expands and capabilities are enhanced. Qualifications
Minimum Qualifications: Bachelor’s degree in Information Security, Computer Science, Law, or a related field. Relevant experience can substitute for a formal degree. 5+ years of relevant technical experience in risk management, product compliance management, privacy compliance, or related fields. Hands-on experience with control validation, risk assessments, and remediation tracking. Knowledge of global and US privacy regulations (e.g., GDPR, COPPA, CCPA). Strong knowledge of industry standards frameworks (NIST Privacy Framework, ISO/IEC 27701, NIST RMF, ISO 31000, COBIT, IAPP guidelines). Analytical, problem-solving, teamwork, and collaboration skills in leading or contributing to multi-functional teams. Preferred Qualifications: CISSP, CIPP, CIPT, CIPM, or CRISC certifications. Cybersecurity, information security, or privacy engineering experience in R&D settings. Strong cyber security and risk management experience is welcomed even if privacy risk management experience is not present. Security or privacy engineering experience is highly desired. About USDS
TikTok is the leading destination for short-form mobile video. U.S. Data Security (USDS) is a subsidiary of TikTok in the U.S. This security-focused division provides governance over data protection policies and content assurance protocols to safeguard U.S. users. Teams span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more. Job Information
Compensation:
The base salary range for this position in the selected city is $98,800 - $196,000 annually. Compensation may vary based on qualifications, skills, competencies, experience, and location. Base pay may be eligible for bonuses/incentives and restricted stock units. Benefits vary by location and employment type. Day-one benefits include medical, dental, and vision insurance, 401(k) with company match, parental leave, disability coverage, life insurance, wellbeing benefits, and paid time off as applicable. The company reserves the right to modify or change these programs at any time, with or without notice. USDS is committed to providing reasonable accommodations in recruitment for candidates with disabilities or other protected statuses. If you need assistance, please reach out to us.
#J-18808-Ljbffr
The Privacy Risk Analyst role contributes to key operational functions ensuring the privacy of US user data on the TikTok platform. The ideal candidate possesses a deep understanding of security and privacy risk concepts, experience deploying and maintaining risk management frameworks, and performing privacy risk assessments and control alignments. This is a hybrid role, with in-office requirements as directed by the manager/department. Responsibilities
Perform privacy impact assessments and external information sharing privacy reviews to drive risk identification and reduction associated with product and feature launches and third-party engagements. Support the development, implementation, and documentation of the privacy risk management framework and corresponding processes in adherence with security principles and industry frameworks. Draft operating procedures and document the engagement model with internal partners to drive effective collaboration. Champion privacy risk management for USDS, ensuring TikTok products and operations align with applicable global, US and state privacy regulations. Partner with global legal, R&D, security, data protection and privacy risk management teams to advance sound privacy practices through continuous risk reduction. Support the management of the privacy risk register through prioritization and tracking of risk materiality, and communication of privacy risk findings and mitigation strategies with partner teams and leadership. Perform risk monitoring, managing the risk remediation process, ensuring risk treatment plans are executed effectively. Support risk reporting and socialization to inform stakeholders and risk owners. Understand enterprise business relationships and processes to ensure privacy risks are identified and managed throughout the business lifecycle. Engage in special projects and assume additional responsibilities as the team expands and capabilities are enhanced. Qualifications
Minimum Qualifications: Bachelor’s degree in Information Security, Computer Science, Law, or a related field. Relevant experience can substitute for a formal degree. 5+ years of relevant technical experience in risk management, product compliance management, privacy compliance, or related fields. Hands-on experience with control validation, risk assessments, and remediation tracking. Knowledge of global and US privacy regulations (e.g., GDPR, COPPA, CCPA). Strong knowledge of industry standards frameworks (NIST Privacy Framework, ISO/IEC 27701, NIST RMF, ISO 31000, COBIT, IAPP guidelines). Analytical, problem-solving, teamwork, and collaboration skills in leading or contributing to multi-functional teams. Preferred Qualifications: CISSP, CIPP, CIPT, CIPM, or CRISC certifications. Cybersecurity, information security, or privacy engineering experience in R&D settings. Strong cyber security and risk management experience is welcomed even if privacy risk management experience is not present. Security or privacy engineering experience is highly desired. About USDS
TikTok is the leading destination for short-form mobile video. U.S. Data Security (USDS) is a subsidiary of TikTok in the U.S. This security-focused division provides governance over data protection policies and content assurance protocols to safeguard U.S. users. Teams span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more. Job Information
Compensation:
The base salary range for this position in the selected city is $98,800 - $196,000 annually. Compensation may vary based on qualifications, skills, competencies, experience, and location. Base pay may be eligible for bonuses/incentives and restricted stock units. Benefits vary by location and employment type. Day-one benefits include medical, dental, and vision insurance, 401(k) with company match, parental leave, disability coverage, life insurance, wellbeing benefits, and paid time off as applicable. The company reserves the right to modify or change these programs at any time, with or without notice. USDS is committed to providing reasonable accommodations in recruitment for candidates with disabilities or other protected statuses. If you need assistance, please reach out to us.
#J-18808-Ljbffr