TikTok
Overview
The Privacy Risk Analyst role contributes to key operational functions ensuring the privacy of US user data on the TikTok platform. The ideal candidate possesses a deep understanding of security and privacy risk concepts, experience deploying and maintaining risk management frameworks, and performing privacy risk assessments and control alignments.
Responsibilities
Perform privacy impact assessments and external information sharing privacy reviews to drive risk identification and reduction associated with product and feature launches and third party engagements.
Support the development, implementation, and documentation of the privacy risk management framework and corresponding processes in adherence with security principles and industry frameworks. Draft operating procedures and document the engagement model with internal partners to drive effective collaboration.
Champion privacy risk management for USDS, ensuring TikTok products and operations align with applicable global, US and state privacy regulations. Partner with global legal, R&D, security, data protection and privacy risk management teams to advance sound privacy practices through continuous risk reduction.
Support the management of the privacy risk register through prioritization and tracking of risk materiality, and communication of privacy risk findings and mitigation strategies with partner teams and leadership.
Perform risk monitoring and manage the risk remediation process, ensuring risk treatment plans are executed effectively. Support risk reporting and socialization to inform stakeholders and risk owners.
Understand enterprise business relationships and processes to ensure privacy risks are identified and managed throughout the business lifecycle.
Engage in special projects and additional responsibilities as the team expands and capabilities are enhanced.
Qualifications
Minimum Qualifications:
Bachelor’s degree in Information Security, Computer Science, Law, or a related field. Significant relevant experience in security, privacy and data protection fields will be considered in lieu of a formal degree.
Hands-on experience conducting control validation, risk assessments and tracking remediation plans. 5+ years of relevant technical experience in risk management, product compliance management, privacy compliance.
Knowledge of global and US privacy regulations (e.g., GDPR, COPPA, CCPA).
Fundamental knowledge of industry standards frameworks (NIST Privacy Framework, ISO/IEC 27701, NIST RMF, ISO 31000, COBIT, IAPP guidelines, etc.).
Analytical, problem-solving, teamwork and collaboration skills in multi-functional teams.
Preferred Qualifications:
CISSP, CIPP, CIPT, CIPM, or CRISC is a plus.
Cyber security, information security, or privacy engineering experience in an R&D setting.
If you do not have privacy risk management experience but have strong cyber security and risk management experience, you are encouraged to apply.
Security or privacy engineering experience is highly desired.
About USDS
TikTok is the leading destination for short-form mobile video. U.S. Data Security (USDS) is a security-focused subsidiary of TikTok in the U.S. focused on data protection policies and content assurance protocols to keep U.S. users safe. Our teams span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, and Corporate Functions.
USDS Reasonable Accommodation
USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities or other protected reasons. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/USDS-RA
Job Information
Compensation details vary by location and candidate qualifications. Base pay is complemented by bonuses/incentives and restricted stock units where applicable. Benefits include health coverage, 401(k) with company match, paid leave, and wellbeing programs. Benefits may vary by location and employment type.
Note:
This description does not include all responsibilities and requirements for the role and may be amended as needed.