TikTok

Information Security Policy and Standards Analyst - USDS

Washington, DC

Responsibilities

About TikTok U.S. Data Security
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security ("USDS") is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.


Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity: to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.

Team Intro
The USDS Security - Risk & Compliance team is responsible for managing USDS security compliance in accordance with US compliance requirements and objectives, and providing industry leading governance, risk, and compliance services.

The core service offerings include: Compliance & Security Risk Management, Controls & Compliance Framework, Security Compliance Policies, Charters, & Protocols, Vendor Program & Third-Party Risk Management, Governance, Risk, & Compliance (GRC) Platform, and Security & Compliance Behavior & Culture.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities
TikTok is seeking a Policy and Standards Analyst to be part of the USDS Security Risk and Compliance team that will support the development and implementation of the USDS cybersecurity and compliance policy program. The Policy and Standards Analyst is responsible for supporting TikTok's cybersecurity and compliance policy efforts on a range of cybersecurity and compliance objectives, including technical policy development, policy framework management, and the development of standards for emerging technologies. The Analyst will be a key partner in the overall Risk and Compliance team's efforts to foster a culture of compliance and further codify TikTok policy, cybersecurity, and compliance requirements.

- Leading end-to-end policy projects, initiatives, and assessments including stakeholder management, deliverable creation and management, and status reporting
- Working with other Risk and Compliance sub-teams to align policies, controls, and risk management practices within a centralized Governance, Risk, and Compliance (GRC) platform
- Collaborating with cross-functional stakeholders to identify policy gaps, areas for improvement, or other necessary changes to existing policy
- Supporting the development and management of compliance guidelines for USDS business units
- Ensuring TikTok policy is in alignment with industry best practices and regulatory requirements, including but not limited to ISO 27001, PCI-DSS, and NIST CSF
- Intaking and evaluating policy-related exception requests, as well as managing approved exceptions through their lifecycle
- Communicating with technical and non-technical stakeholders and leaders on cybersecurity and compliance policy topics and program-specific reporting
- Staying up-to-date on current cybersecurity global legislation, threats, vulnerabilities, trends, and best practices to proactively evolve the cybersecurity policy program

Qualifications

Minimum Qualifications:
- 1+ years supporting cybersecurity policy programs with first-hand knowledge of and experience with cybersecurity standards, including but not limited to ISO 27001, PCI-DSS, NIST CSF, and region-specific regulations

Preferred Qualifications:
- Experience collaborating closely with security partners, including incident response, data protection, risk management, and engineers to seamlessly develop and formalize effective and risk-based cybersecurity policy
- Team player and motivated self-starter who is resourceful and has the ability to work collaboratively with multiple stakeholders across different products, business lines, and regions
- Excellent written communication skills with the ability to document, communicate, and report on policy development progress to a broad group of stakeholders
- Strong project management, communication, and interpersonal skills
- Experience working within compliance programs; experience with U.S. compliance frameworks
- Strong understanding of industry-specific information security and compliance standards and regulations
- Strong analytical and problem-solving abilities
- Familiarity with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer or ServiceNow
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

D&I Statement
TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Accommodation Statement
TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://shorturl.at/ktJP6

Data Security Statement
This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.

Client-provided location(s): Washington, DC, USA
Job ID: TikTok-7359265640362117386
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • HSA
    • Life Insurance
    • Fitness Subsidies
    • Short-Term Disability
    • Long-Term Disability
    • On-Site Gym
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Snacks
    • Pet-friendly Office
    • Happy Hours
    • Some Meals Provided
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Access to Online Courses
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Mentor Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)
