Identity and Access Management Analyst - USDS

Join us.

About USDS
At TikTok, we're committed to a process of continuous innovation and improvement in our user experience and safety controls. We're proud to be able to serve a global community of more than a billion people who use TikTok to creatively express themselves and be entertained, and we're dedicated to giving them a platform that builds opportunity and fosters connection. We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data.

U.S. Data Security ("USDS") is a standalone department of TikTok in the U.S. This new security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and user data in the U.S., so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.

About the Team :
The Global Security Organization provides industry leading security and privacy services to ByteDance globally. Our organization uses four principles that guide our strategic and tactical operations. First, we champion trust and transparency, leading the charge in organizational transparency and execution of security and privacy capabilities that drive customer trust. Second, we are a business catalyst and enabler, embodying the DNA of technical innovation. Third, we drive risk informed and empowered decision making, giving our business leaders the information needed to make key decisions. Finally, we proactively identify and reduce risk while enabling innovative product development - to consistently build sustainable world-class security capabilities.

Responsibilites
- Define strategy for the execution of Identity and Access Management program
- Onboard application to the IAM tool and support access management and assurance needs
- Build and review technical and functional requirements for in-house or external technologies
- Design and implement access management and assurance programs (people, process, and technology) to mitigate security threats and risks related to access that may impact business data through a holistic global program-oriented approach
- Develop and maintain identity residency and identity access requirements and controls as necessitated by business needs and regulations
- Design and implement the identity review process, ensuring that identities and access is reviewed regularly both for appropriateness of access as well as privilege levels for all users
- Guide the team in developing use cases and integrating access management technologies with related cybersecurity technologies (e.g., security incident and event management, data classification, vulnerability management)
- Develop and maintain policies and procedures that support identity management (e.g., access assurance, access monitoring and reporting, authentication requirements)
- Implement and enforce mechanism to proactively monitor, respond and report on inappropriate data access events
- Develop and implement MFA policies and procedures for enterprise applications
- Develop identity and access procedures for enterprise physical assets and BYOD
- Implement SSO for enterprise applications

Qualifications

- Technologist and visionary who can architect the solution vision and roadmap by understanding various technologies
- Excellent communication skills (verbal and written), ability to influence without authority
- Works well under pressure within time/budget constraints to solve problems, adjust quickly to shifting priorities, and make decisions with limited information
- Ability to balance risks in ambiguous and complex situations
- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and cross-functional teams
- Highly motivated to contribute and grow within a complex area of emerging importance
- Ability to communicate technical concepts to a broad range of technical and non-technical staff
- Able to work in a multi-timezone environment and collaborate with clients globally
- Hands on experience integrating IGA tool to various IDPs including Oracle, Active Directory, Google, Azure AD and web service connectors
- Working knowledge of Active Directory and LDAP concepts
- Working knowledge of AD and Azure AD implementation and synchronization
- Strong understanding of:
- Access management tools, processes, and procedures
- User access administration, role and policy-based access controls, including identity management, provisioning and de-provisioning access
- Privileged access management (PAM) tools
- Identity and Access Management (IAM) tools
- Access reviews for appropriateness and authorization
- Interpretation of numeric data and statistical principles
- Industry standard frameworks
- MFA technologies and vendors and capabilities
- Federation protocols like SAML, OAuth
- Various API protocols including Rest, SOAP and API tools
- IDPs like Active Directory, Azure AD, Google
Minimum Qualifications:
- Bachelors' Degree or industry equivalent work experience in identity and access management, security architecture, and/or engineering in a converged security program
- 5-8 years applicable experience
- Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in access management tools and capabilities and industry knowledge
- In-depth experience in designing and deploying access management technologies and controls in enterprise-class organizations, including the following:
- Access management on Windows and Linux operating systems
- Access monitoring, remediation, and escalation
- Role and policy-based access controls to enforce the principle of least privilege
- Configuration of access permissions and roles, provisioning, modifying, and de-provisioning account access
Preferred Qualifications:
- CISSP, SSCP, CAP, CCSP, CISM or applicable experience in the Information Security field
- Familiarity with securing identity across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)
- Be able to deliver both detailed technical reports to enable access remediation and business friendly reports to demonstrate progress and track risk
- Be able to handle ambiguity and collaborate with a global team
- Be comfortable communicating with business executives and technical teams
- SailPoint experience is a plus

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

In the spirit of reconciliation, TikTok acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.