Governance, Risk, & Compliance Services Manager - USDS
Responsibilities
TikTok is seeking a Governance, Risk, & Compliance ("GRC") Services Lead to be part of the US Security & Privacy Risk and Compliance team. This role will have a significant impact on mitigating regulatory compliance risk, and maturing GRC operations. The primary focus of this role will be to strategically elevate three Risk & Compliance services: 1) Controls & Certifications 2) Policy Management 3) Third-Party Risk Management. The GRC Services Lead must have a "business first" mindset, working to achieve levels of maturity and efficiency, without sacrificing compliance.
Responsibilities include but are not limited to:
- Partner with Controls & Certifications, Policy Management, and Third-Party Risk Management ("TPRM") team leads to oversee day-to-day operations
- Quickly understand current ways of working to identify maturity and efficiency gaps for each service
- Develop strategic plans and underlying OKRs to achieve these initiatives
- Challenge the status quo of manual operations and implement technology-driven solutions to achieve greater coverage (e.g., control testing) and lower manual effort (e.g., policy development, TPRM assessments)
- Partner across the Security & Privacy organization and business teams to proactively align GRC operations to changing business priorities and objectives; work closely with business teams to develop ongoing compliance testing strategies
- Develop metrics and reporting to communicate business initiatives and risks to the broader security and compliance organization
- Collaborate with compliance assurance and compliance reporting functions to support regulatory reporting initiatives
Qualifications
Minimum Qualifications:
- Experience managing multiple teams and services, aligning them to consistent objectives, and developing talent
- Experience performing internal/external control testing as a security control assessor, or supporting security compliance as an internal compliance resource, for physical and cloud infrastructure
- Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance
- Expert knowledge of IT and security control frameworks (e.g., NIST-CSF, NIST 800-53, PCI-DSS, CIS Security Controls, ISO 27001, ISO 27017, etc.)
- Excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal skills while proactively seeking input
- Ability to collaborate with operations and engineering teams, easily partner and forge relationships with cross-functional teams and stakeholders, communicate technical concepts to a broad range of technical and non-technical staff, provide compliant solutions, and communicate appropriately to a wide-range of audiences, with a collaborative mindset
- Familiarity with modern GRC tooling (e.g., Archer, ServiceNow)
Preferred Qualifications:
- Start-up high-tech experience
- One of the following certifications, or equivalent certifications: CISA, CDPSE, CISSP, CISM, CRISC, etc.
- Experience with risk and controls frameworks, including ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, ISO 31000, etc.
Perks and Benefits
Health and Wellness
- Health Insurance
- Dental Insurance
- Vision Insurance
- HSA
- Life Insurance
- Fitness Subsidies
- Short-Term Disability
- Long-Term Disability
- On-Site Gym
- Mental Health Benefits
- Virtual Fitness Classes
Parental Benefits
- Fertility Benefits
- Adoption Assistance Program
- Family Support Resources
Work Flexibility
- Flexible Work Hours
- Hybrid Work Opportunities
Office Life and Perks
- Casual Dress
- Snacks
- Pet-friendly Office
- Happy Hours
- Some Meals Provided
- Company Outings
- On-Site Cafeteria
- Holiday Events
Vacation and Time Off
- Paid Vacation
- Paid Holidays
- Personal/Sick Days
- Leave of Absence
Financial and Retirement
- 401(K) With Company Matching
- Performance Bonus
- Company Equity
Professional Development
- Promote From Within
- Access to Online Courses
- Leadership Training Program
- Associate or Rotational Training Program
- Mentor Program
Diversity and Inclusion
- Diversity, Equity, and Inclusion Program
- Employee Resource Groups (ERG)