TikTok
Third Party Risk Management Analyst - USDS
TikTok, Washington, District of Columbia, US, 20022
The USDS Security - Risk & Compliance team manages security compliance and provides industry‑leading governance, risk, and compliance services. The core service offerings include: Compliance & Security Risk Management, Controls & Compliance Framework, Security Compliance Policies, Charters & Protocols, Vendor Program & Third‑Party Risk Management, GRC Platform, and Security & Compliance Behavior & Culture.
Responsibilities
Act as a subject matter expert and liaison between USDS and lines of business for vendor compliance screening, issues, and vulnerability management.
Own and manage daily operations of assigned vendor compliance assessment coordination, technical writing, and USDS Vendor Lifecycle management.
Coordinate with USDS Procurement, Legal, Risk Management, and Global Security Organization on vendor lifecycle management, contract clauses verification, compliance assessment procedures, and unresolved findings.
Validate vendor compliance screening assessments and report vendor security risk assessments for authorized and rejected vendors.
Enhance USDS TPRM standard operating procedures and validate security standard controls and audits.
Manage assessment lifecycles, dashboard reporting, and conduct site visit assessments (physical and remote).
Minimum Qualifications
Bachelor’s degree in risk management or an equivalent privacy, security, compliance, project management, or related discipline.
3+ years of third party risk management or related security experience.
Fundamental understanding of Third Party Risk Management and direct experience partnering with Procurement and Legal functions.
Technical writing and verbal communication skills that enable executive reporting on Third Party Risk metrics.
Findings and vulnerability management experience related to resolution and/or remediation of web vulnerabilities and cybersecurity vulnerabilities.
Critical thinking and analytical decision‑making skills to forecast issues, events, and/or risks pertaining to TPRM.
Preferred Qualifications
Supply chain risk management experience related to software and hardware solutions/tooling including Bill of Materials (BOM) analysis.
Contract clause verification pertaining to security, privacy, and business resilience controls.
Experience implementing vendor lifecycle procedures including onboarding, ongoing monitoring, and offboarding requirements.
Experience with TPRM incident event management, policy development, enhancement, and awareness.
Experience with OFAC sanctions and foreign ownership compliance assessments.
Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security‑related screening.