InfoSec & Incident Response Counsel - USDS

- Oversee legal strategy for incident-related communications, including drafting and reviewing breach notifications to regulators and affected users.
- Develop and maintain USDS-specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
- Support and lead legal input for incident simulations, tabletop exercises, and after-action reviews.
- Advise on privilege considerations and lead efforts to preserve and document incident-related evidence.
- Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
- Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
- Deliver training to cross-functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
- Support integration of incident data and trends into broader compliance and risk management processes, including third-party risk, audits, and internal controls.

Qualifications

Minimum Qualifications
- J.D. from an ABA-accredited law school
- Active membership in good standing with a U.S. state bar
- 5+ years of legal experience advising on information security or privacy issues, ideally within a technology company or fast-paced in-house environment
- Experience leading legal response to security incidents and engaging with regulators on breach reporting obligations
- Deep familiarity with U.S. cybersecurity and privacy laws (e.g., GLBA, COPPA, and CCPA/CPRA) and awareness of global frameworks (e.g., GDPR)
- Demonstrated ability to work across time zones and functions, including Security, Compliance, and Trust and Safety teams
- Strong writing and communication skills, particularly in high-pressure situations requiring precision, speed, and judgment

Preferred Qualifications:
- 5+ years of management experience in law firm or in-house roles supporting enterprise cybersecurity matters
- Background in platform security, content moderation, or user-generated content risk
- Experience with regulatory enforcement, audits, or litigation related to cybersecurity or privacy
- Familiarity with technical concepts relevant to platform architecture, threat detection, and digital forensics
- Ability to manage high-stakes, time-sensitive matters while balancing legal risk with practical considerations
- Experience closely partnering with business stakeholders and operationalizing legal frameworks through playbooks, training, and controls

Client-provided location(s): Washington, DC

Job ID: TikTok-7530811565865175303

Employment Type: OTHER

Posted: 2025-08-02T04:41:10