Compliance Technical Security Assurance Analyst - USDS

Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.

Team Intro
The USDS Security - Risk & Compliance team is responsible for managing USDS security compliance in accordance with US compliance requirements and objectives, and providing industry leading governance, risk, and compliance services.

The core service offerings include: Compliance & Security Risk Management, Controls & Compliance Framework, Security Compliance Policies, Charters, & Protocols, Vendor Program & Third-Party Risk Management, Governance, Risk, & Compliance (GRC) Platform, and Security & Compliance Behavior & Culture.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities:
As a Compliance Technical Security Analyst within the USDS Security - Risk & Compliance team, you will play a pivotal role in ensuring that our organization adheres to regulatory standards, maintains robust security practices, and facilitates change effectively. You will work closely with various teams, including Advertising and Monetization, Engineering, Legal and Compliance, software and data stewards, and technology experts to ensure that our systems, data, and processes remain compliant and secure. You will be responsible for assessing, implementing, and maintaining security measures, policies, and procedures to safeguard our systems, data, and infrastructure. This role requires a deep understanding of back-end big data processing and various data processing frameworks. You will also help our organization meet various regulatory and compliance standards, business goals and objectives.

1. Compliance Operations & Technology
- Serve as the technical compliance partner who will proactively drive implementation of compliance requirements in relation to strategic planning, new feature releases, and technical builds for our Ads and Monetization business units
- Provide guidance and support to stakeholder teams to address regulatory requirements and compliance standards on new features, product development initiatives and technology architecture modifications
- Identify potential areas of compliance gaps and security risks and vulnerabilities, and collaborate with cross-functional teams to develop and implement risk mitigation and remediation solutions
- Answer business driven OnCall inquiries related to USDS compliance requirements including data security, data governance and escalating as necessary
- Assist in the development and maturity of compliance guidelines and required documentation for stakeholder teams, ensuring adherence to regulatory requirements
2. Deliver Technical Expertise and Program Support
- Data Processing Expertise: Utilize and leverage your understanding and experience with back-end big data processing frameworks like Java, Spark, Flink, Hive, Kafka, Spring Framework, etc. to assess and maintain compliance with data processing and storage
- Business Process and Advertising Systems: Demonstrate familiarity and provide insights and recommendations to ensure compliance with advertising systems and business operations
3. Security Incident Response
- Serve as a liaison between security functions and business units involved in incidents and conduct technical investigations in response to security-related events, partnering with the incident response team to identify root causes, vulnerabilities or non-compliance

Qualifications

Minimum Qualifications
- 2+ years of IT risk and security controls experience with knowledge of and experience with IT and security control frameworks (e.g., NIST-CSF, PCI-DSS, ISO 27001, SOC 2 etc.)
- Bachelor's degree in IT Security, Information Security, Cybersecurity or equivalent privacy, compliance, project management or like discipline from an accredited college or university or measurable knowledge/experience from proven industry, military, defense, or government operations

Preferred Qualifications:
- Strong writing and documentation skills; clear and concise
- Foundational knowledge in IT and security domains (Identity and Access Management, Configuration Management, Vulnerability Management, Incident Management, etc.) and familiarity with technologies and tool stacks across these domains
- Experience performing internal/external control testing as security control assessor or supporting security compliance as internal compliance or performing control maturity assessments
- Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance
- Familiar with the usage of modern GRC tooling (i.e., Archer, ServiceNow, etc.)
- Demonstrated teamwork and collaboration skills, in particular in working with or contributing to multi-functional teams
- One of the following certifications, or equivalent certifications: CISA, CISSP, CISM, CRISC, etc.
- Previous experience working with engineering teams and the ability to communicate control requirements to a variety of audiences (technical and non-technical)

D&I Statement
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Accommodation Statement
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/ktJP6

Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.

#LI-DS4

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $93860 - $139080 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Our company benefits are designed to convey company culture and values, to create an efficient and inspiring work environment, and to support our employees to give their best in both work and life. We offer the following benefits to eligible employees:

We cover 100% premium coverage for employee medical insurance, approximately 75% premium coverage for dependents and offer a Health Savings Account(HSA) with a company match. As well as Dental, Vision, Short/Long term Disability, Basic Life, Voluntary Life and AD&D insurance plans. In addition to Flexible Spending Account(FSA) Options like Health Care, Limited Purpose and Dependent Care.

Our time off and leave plans are: 10 paid holidays per year plus 17 days of Paid Personal Time Off (PPTO) (prorated upon hire and increased by tenure) and 10 paid sick days per year as well as 12 weeks of paid Parental leave and 8 weeks of paid Supplemental Disability.

We also provide generous benefits like mental and emotional health benefits through our EAP and Lyra. A 401K company match, gym and cellphone service reimbursements. The Company reserves the right to modify or change these benefits programs at any time, with or without notice.