Tik Tok
Overview
The USDS Security - Risk & Compliance team manages USDS security compliance in accordance with US requirements and provides governance, risk, and compliance services. The organization follows a hybrid work model requiring in-office presence 3 days a week, or as directed by management. Responsibilities
Be part of the US Security Risk and Compliance team, managing and overseeing the control environment. Collaborate with cross-functional control owners to consult on the design and implementation of key security and compliance controls. Collect evidence, test, and monitor the control environment to ensure ongoing effectiveness of controls. Qualifications
Minimum Qualifications
2+ years of IT risk and security controls experience with knowledge of and experience with IT and security control frameworks (e.g., NIST-CSF, PCI-DSS, ISO 27001, SOC 2). Bachelors degree in IT Security, Information Security, Cybersecurity or equivalent discipline, or measurable knowledge/experience from proven industry, military, defense, or government operations. Experience in controls evaluation and design and working knowledge of industry security standards (ISO 27001, NIST CSF, SOC 2, etc.). Experience performing internal/external control testing as a security control assessor or supporting security compliance as internal compliance or performing control maturity assessments. Experience gathering technical control evidence from stakeholders, coordinating reviews, and analyzing artifacts to demonstrate compliance. Demonstrated teamwork and collaboration skills, especially in working with multi-functional teams. Preferred Qualifications
Foundational knowledge in IT and security domains (IAM, Configuration Management, Vulnerability Management, Incident Management) and familiarity with related tools and technologies. Familiarity with modern GRC tooling (e.g., Archer, ServiceNow). One of the following certifications or equivalents: CISA, CISSP, CISM, CRISC. Experience working with engineering teams and communicating control requirements to diverse audiences. Strong writing and documentation skills: clear and concise. About USDS
TikTok is the leading destination for short-form mobile video. U.S. Data Security (USDS) is a TikTok subsidiary in the U.S. created to provide heightened governance for data protection policies and content assurance protocols to keep U.S. users safe. The teams within USDS span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions, and more. Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information and is subject to strict national security-related screening. Reasonable Accommodation
USDS provides reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs, or other legally protected reasons. If you need assistance, please reach out to us at https://tinyurl.com/USDS-RA. #J-18808-Ljbffr
The USDS Security - Risk & Compliance team manages USDS security compliance in accordance with US requirements and provides governance, risk, and compliance services. The organization follows a hybrid work model requiring in-office presence 3 days a week, or as directed by management. Responsibilities
Be part of the US Security Risk and Compliance team, managing and overseeing the control environment. Collaborate with cross-functional control owners to consult on the design and implementation of key security and compliance controls. Collect evidence, test, and monitor the control environment to ensure ongoing effectiveness of controls. Qualifications
Minimum Qualifications
2+ years of IT risk and security controls experience with knowledge of and experience with IT and security control frameworks (e.g., NIST-CSF, PCI-DSS, ISO 27001, SOC 2). Bachelors degree in IT Security, Information Security, Cybersecurity or equivalent discipline, or measurable knowledge/experience from proven industry, military, defense, or government operations. Experience in controls evaluation and design and working knowledge of industry security standards (ISO 27001, NIST CSF, SOC 2, etc.). Experience performing internal/external control testing as a security control assessor or supporting security compliance as internal compliance or performing control maturity assessments. Experience gathering technical control evidence from stakeholders, coordinating reviews, and analyzing artifacts to demonstrate compliance. Demonstrated teamwork and collaboration skills, especially in working with multi-functional teams. Preferred Qualifications
Foundational knowledge in IT and security domains (IAM, Configuration Management, Vulnerability Management, Incident Management) and familiarity with related tools and technologies. Familiarity with modern GRC tooling (e.g., Archer, ServiceNow). One of the following certifications or equivalents: CISA, CISSP, CISM, CRISC. Experience working with engineering teams and communicating control requirements to diverse audiences. Strong writing and documentation skills: clear and concise. About USDS
TikTok is the leading destination for short-form mobile video. U.S. Data Security (USDS) is a TikTok subsidiary in the U.S. created to provide heightened governance for data protection policies and content assurance protocols to keep U.S. users safe. The teams within USDS span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions, and more. Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information and is subject to strict national security-related screening. Reasonable Accommodation
USDS provides reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs, or other legally protected reasons. If you need assistance, please reach out to us at https://tinyurl.com/USDS-RA. #J-18808-Ljbffr