TikTok

Controls Management Specialist - Governance Risk and Compliance

TikTok, Washington, District of Columbia, us, 20022


The mission of TikTok’s Global Security Organization (GSO) is to build and earn trust by reducing risk and securing our businesses and products. GSO is the foundation of TikTok’s efforts to keep the platform safe, secure, and operating at scale for over 1 billion people worldwide. We work to ensure that the TikTok platform remains safe, that users’ experience and data remain protected from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok’s biggest initiatives, and security is integral to our success. Whether users watch videos on their For You page, interact with Live videos, or purchase from TikTok Shop, GSO protects their data and privacy so they can enjoy a secure and trustworthy experience.

Ideal Candidate Profile

Strong security controls and compliance mindset with experience evaluating and testing controls against leading security frameworks such as ISO 27001, SOC 2, PCI DSS, and others.

Experience fostering collaboration across multi‑disciplinary, cross‑functional product, engineering, and business teams to address challenging cybersecurity risks.

Thrives in dynamic, global environments and enjoys engineering automated solutions to complex problems.

Strong appetite for acquiring new knowledge and staying up‑to‑date on emerging cybersecurity trends.

Excellent at analyzing complex systems and making them easy to understand.

Capable of providing candid, clear feedback on critical cybersecurity initiatives from policy to application design.

Responsibilities

Support the scoping and maturity of the cybersecurity compliance program to align with industry best practices and regulatory requirements including ISO 27001, PCI DSS, and SOC 2.

Lead control design walkthroughs and tests of operating effectiveness for product and business‑line controls against security requirements and compliance obligations.

Prepare and support control owners and process owners for internal and external audits by conducting thorough examinations of people, processes, technologies, and key system configurations, and helping identify best‑in‑class evidence.

Influence and collaborate with key stakeholders to support, track, and report on remediation efforts for identified security control gaps.

Design and engineer solutions to automate control testing, security control compliance, and control maturity reporting.

Maintain a global security controls library, including periodic updates and validation of security controls and owners.

Communicate with technical and non‑technical stakeholders on cybersecurity risk and control topics and program‑specific reporting.

Qualifications

Minimum Qualifications

Experience supporting cybersecurity controls management programs with in‑depth knowledge of frameworks such as ISO 27001, PCI DSS, SOC 2, and other regulatory requirements.

Experience collaborating closely with engineers, business teams, and security partners (incident response, red teams, architects) to seamlessly incorporate cybersecurity controls and risk management processes into daily operations.

Experience with the entire controls monitoring lifecycle, including identifying, assessing, monitoring, and remediating controls.

Excellent communication skills with the ability to document, communicate, and report security assessments and the status of implementation, effectiveness, and remediation of controls with product and business leaders.

Strong project management skills with the ability to lead and execute security assessment projects and initiatives on time with multiple stakeholders.

Ability to work in the New York or D.C. office five days per week and be willing to travel to other offices as required.

Preferred Qualifications

Minimum of five years in IT or information security compliance and controls programs in a global organization, with in‑depth knowledge of ISO 27001, PCI DSS, SOC 2, and other regulatory requirements.

Experience supporting complex audit projects in a cloud‑centric environment and understanding emerging technologies to meet regulatory and compliance requirements.

Experience engineering governance, risk, and compliance solutions to automate testing and compliance workflows.

Relevant certifications such as CISM, CISA, CISSP, CCSP, SecurityX, CySA+, Security+, CRISC, CGEIT, GSEC, QSA, or others.

About TikTok

TikTok is the leading destination for short‑form mobile video. At TikTok, our mission is to inspire creativity and bring joy. TikTok’s global headquarters are in Los Angeles and Singapore, with offices worldwide including New York City, London, Dublin, Paris, Berlin, Dubai, Jakarta, Seoul, and Tokyo.

Why Join Us

Inspiring creativity is at the core of TikTok’s mission. Our innovative product is built to help people authentically express themselves, discover, and connect. Our diverse, global teams make that possible. We embrace curiosity, humility, and a desire to make impact in a rapidly growing tech company, fostering an “Always Day 1” mindset and continuous iteration.

Diversity & Inclusion

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. We celebrate diverse voices and work to build an environment that reflects the many communities we reach.

TikTok Accommodation

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs, or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/RA-request.

Job Information

【For Pay Transparency】 Compensation Description (Annually) – Washington, DC

The base salary range for this position in the selected city is 132,480 – 242,820 annually. Compensation may vary outside this range depending on a number of factors, including a candidate’s qualifications, skills, competencies, experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses, incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day‑one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short‑term and long‑term disability coverage, life insurance, and wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year, and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure). The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

Seniority level Associate

Employment type Full‑time

Job function Accounting/Auditing and Finance

Industries Computer and Network Security
