TikTok
InfoSec & Incident Response Counsel - USDS
TikTok, Washington, District of Columbia, us, 20022
InfoSec & Incident Response Counsel - USDS
We are looking for a senior counsel to lead our legal response to information security incidents and support broader security compliance initiatives in TikTok’s U.S. Data Security (USDS) division.
About the Team The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross‑functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security. Hybrid work schedule: 3 days a week in office.
Responsibilities
Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners.
Advise internal teams through the incident lifecycle—detection, investigation, containment, remediation, and post‑incident review—focusing on legal risk mitigation and regulatory exposure.
Oversee legal strategy for incident‑related communications, including drafting and reviewing breach notifications to regulators and affected users.
Develop and maintain USDS‑specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
Support and lead legal input for incident simulations, tabletop exercises, and after‑action reviews.
Advise on privilege considerations and lead efforts to preserve and document incident‑related evidence.
Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
Deliver training to cross‑functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
Support integration of incident data and trends into broader compliance and risk management processes, including third‑party risk, audits, and internal controls.
Minimum Qualifications
J.D. from an ABA‑accredited law school.
Active membership in good standing with a U.S. state bar.
5+ years of legal experience advising on information security or privacy issues, ideally within a technology company or fast‑paced in‑house environment.
Experience leading legal response to security incidents and engaging with regulators on breach reporting obligations.
Deep familiarity with U.S. cybersecurity and privacy laws (e.g., GLBA, COPPA, CCPA/CPRA) and awareness of global frameworks (e.g., GDPR).
Demonstrated ability to work across time zones and functions, including Security, Compliance, and Trust & Safety teams.
Strong writing and communication skills, particularly in high‑pressure situations requiring precision, speed, and judgment.
Preferred Qualifications
5+ years of management experience in law firm or in‑house roles supporting enterprise cybersecurity matters.
Background in platform security, content moderation, or user‑generated content risk.
Experience with regulatory enforcement, audits, or litigation related to cybersecurity or privacy.
Familiarity with technical concepts relevant to platform architecture, threat detection, and digital forensics.
Ability to manage high‑stakes, time‑sensitive matters while balancing legal risk with practical considerations.
Experience closely partnering with business stakeholders and operationalizing legal frameworks through playbooks, training, and controls.
About USDS U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S., created to bring heightened focus and governance to our data protection policies and content assurance protocols. Our teams deliver oversight and protection of the TikTok platform and U.S. user data, ensuring millions of Americans can safely engage on TikTok.
Why Join Us TikTok’s mission is to inspire creativity and bring joy. We build products that allow people to express themselves, discover, and connect. As part of a rapidly growing tech company, you’ll have opportunities to learn, innovate, and make a tangible impact on how people experience digital media.
Diversity & Inclusion TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. We celebrate diverse voices and strive to build an environment that reflects the many communities we serve.
Reasonable Accommodation USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other protected conditions. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/USDS-RA.
Job Information Compensation Annual salary range: $191,700 - $338,580 in Washington, DC. Base pay is one part of the total package and may be supplemented by discretionary bonuses, restricted stock units, and other benefits. Employees receive medical, dental, and vision insurance; 401(k) plan with company match; paid parental leave; short‑term and long‑term disability coverage; life insurance; wellbeing benefits; 10 paid holidays; 10 paid sick days; and 17 days of paid personal time.
Employment type Full‑time, Mid‑Senior level.
#J-18808-Ljbffr
About the Team The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross‑functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security. Hybrid work schedule: 3 days a week in office.
Responsibilities
Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners.
Advise internal teams through the incident lifecycle—detection, investigation, containment, remediation, and post‑incident review—focusing on legal risk mitigation and regulatory exposure.
Oversee legal strategy for incident‑related communications, including drafting and reviewing breach notifications to regulators and affected users.
Develop and maintain USDS‑specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
Support and lead legal input for incident simulations, tabletop exercises, and after‑action reviews.
Advise on privilege considerations and lead efforts to preserve and document incident‑related evidence.
Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
Deliver training to cross‑functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
Support integration of incident data and trends into broader compliance and risk management processes, including third‑party risk, audits, and internal controls.
Minimum Qualifications
J.D. from an ABA‑accredited law school.
Active membership in good standing with a U.S. state bar.
5+ years of legal experience advising on information security or privacy issues, ideally within a technology company or fast‑paced in‑house environment.
Experience leading legal response to security incidents and engaging with regulators on breach reporting obligations.
Deep familiarity with U.S. cybersecurity and privacy laws (e.g., GLBA, COPPA, CCPA/CPRA) and awareness of global frameworks (e.g., GDPR).
Demonstrated ability to work across time zones and functions, including Security, Compliance, and Trust & Safety teams.
Strong writing and communication skills, particularly in high‑pressure situations requiring precision, speed, and judgment.
Preferred Qualifications
5+ years of management experience in law firm or in‑house roles supporting enterprise cybersecurity matters.
Background in platform security, content moderation, or user‑generated content risk.
Experience with regulatory enforcement, audits, or litigation related to cybersecurity or privacy.
Familiarity with technical concepts relevant to platform architecture, threat detection, and digital forensics.
Ability to manage high‑stakes, time‑sensitive matters while balancing legal risk with practical considerations.
Experience closely partnering with business stakeholders and operationalizing legal frameworks through playbooks, training, and controls.
About USDS U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S., created to bring heightened focus and governance to our data protection policies and content assurance protocols. Our teams deliver oversight and protection of the TikTok platform and U.S. user data, ensuring millions of Americans can safely engage on TikTok.
Why Join Us TikTok’s mission is to inspire creativity and bring joy. We build products that allow people to express themselves, discover, and connect. As part of a rapidly growing tech company, you’ll have opportunities to learn, innovate, and make a tangible impact on how people experience digital media.
Diversity & Inclusion TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. We celebrate diverse voices and strive to build an environment that reflects the many communities we serve.
Reasonable Accommodation USDS is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other protected conditions. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/USDS-RA.
Job Information Compensation Annual salary range: $191,700 - $338,580 in Washington, DC. Base pay is one part of the total package and may be supplemented by discretionary bonuses, restricted stock units, and other benefits. Employees receive medical, dental, and vision insurance; 401(k) plan with company match; paid parental leave; short‑term and long‑term disability coverage; life insurance; wellbeing benefits; 10 paid holidays; 10 paid sick days; and 17 days of paid personal time.
Employment type Full‑time, Mid‑Senior level.
#J-18808-Ljbffr