Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
Want more jobs like this?
Get jobs in New York, NY delivered to your inbox every week.
The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.
As a Security Strategy Solutions Architect, you will be responsible for designing scalable and sustainable security solutions that align with the organization's strategic objectives, regulatory requirements, and operational constraints. You will work cross-functionally with engineering, security operations, risk, and compliance teams to drive the technical realization of our security policy framework and governance initiatives.
This role requires both strategic acumen and technical depth, with the ability to translate complex policies, regulations, and risks into practical security architectures and design patterns. It demands sound decision-making on build-versus-buy strategies, accurate implementation of solutions, and the ability to guide other IT professionals through expert knowledge, continuous learning, and adaptability to evolving technologies.
Responsibilities
As a Security Strategy Solutions Architect, you will:
- Architect enterprise-wide security solutions that align with the organization's strategic security goals and regulatory obligations (e.g., NIS2, GDPR, ISO 27001, SOC 2).
- Demonstrate a strong understanding of core IT security technologies-including networking, encryption, authentication, and access control-and the ability to apply them effectively in alignment with organizational strategy and business goals.
- Translate high-level security policies, standards, and frameworks into actionable technical control designs and implementation plans.
- Partner with infrastructure, security engineering, DevSecOps, and product teams to ensure architectural alignment and successful execution of security strategy initiatives.
- Develop and maintain security reference architectures, design patterns, and implementation guidance that support secure innovation and operational scalability.
- Perform security architecture reviews and assessments to evaluate adherence to policy and identify opportunities for improvement.
- Provide input into the design and governance of technology roadmaps, tool selection, and strategic technology planning.
- Serve as a subject matter expert on control implementation, technical security standards, and risk mitigation strategies across hybrid and cloud environments.
- Work closely with the Security Policy team to ensure that new and evolving policy requirements are technically feasible and effectively embedded into systems and processes.
Qualifications
Minimum Qualifications:
- Strong understanding of cybersecurity domains and frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and how to translate them into measurable objectives
- Experience designing and operationalizing metrics or performance programs in a cross-functional environment
- Strong analytical and project management skills with the ability to lead initiatives and drive results with multiple stakeholders
- Excellent verbal and written communication skills, with the ability to translate complex data and strategy into business-relevant narratives
- Ability to work at the Washington DC or New York office for 3 days per week and willingness to travel to other offices, including international locations, as required to support business needs
Preferred Qualifications:
- Minimum of 5 years of experience in security strategy, cybersecurity operations, metrics programs, consulting, or related areas
- Experience working with data visualization tools such as Tableau, Power BI, or internal dashboards
- Relevant certifications (e.g., CISSP, CRISC, CISM, PMP, or other strategy or security-related certifications)
- Candidates should have several years of experience in cybersecurity. They should have experience with designing and implementing accurate technical solutions, and guiding cross functional partners by continuously adapting to changing technologies.
Job Information
[For Pay Transparency] Compensation Description (annually)
The base salary range for this position in the selected city is $118800 - $196000 annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.
Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).
The Company reserves the right to modify or change these benefits programs at any time, with or without notice.
For Los Angeles County (unincorporated) Candidates:
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:
1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;
2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and
3. Exercising sound judgment.