Inside Risk Investigator - Global Security Organization

TikTok's Insider Risk team is seeking a regionally focused Insider Risk Investigator to lead high-impact internal investigations in the AMS (US, Canada, LATAM) region. In this role, you will investigate threats related to, but not limited to, data misuse, policy violations, dual employment, and reputational risk stemming from TikTok personnel or operations.
This role demands strong technical acumen, investigative instincts, and the ability to navigate sensitive matters across multiple jurisdictions. You will work independently but collaboratively, serving as the key point of contact for insider risk cases originating in the Americas. Candidates must have experience operating within a large-scale tech, platform, or media environment.

Responsibilities
- Lead regional insider risk investigations from intake to closure involving sensitive matters such as: Data exfiltration or misuse, unauthorized platform access or privilege abuse, dual employment and conflict of interest concerns, misconduct with potential public or regulatory exposure and tampering with intellectual property
- Analyze telemetry data and indicators across regional infrastructure: DLP alerts, endpoint logs, VPN activity, and internal collaboration platform signals.
- Conduct interviews with employees and stakeholders across regions, exercising sound judgment and cultural sensitivity.
- Write thorough, region-specific investigation reports, ensuring alignment with global protocols while reflecting local legal and business context (e.g., U.S. state privacy laws, PIPEDA, LGPD).
- Collaborate with Legal, HR, Engineering, PR, and Policy teams across the region to coordinate investigative outcomes and support remediation or disciplinary action.
- Monitor and assess external threats and public disclosures originating from internal actions that may affect TikTok's brand, especially in high-visibility markets.
- Identify and address regional detection gaps, contribute to threat modeling, and help shape alerting logic in partnership with detection, analysis, and engineering teams.
- Maintain complete discretion and proper handling of sensitive employee, operational, and company data in accordance with regional privacy laws and regulatory requirements.

Qualifications

Minimum Qualifications
- Experience conducting investigations in the Americas, with working knowledge of relevant privacy, employment, and data handling standards (e.g., U.S. state privacy laws, CPRA/CCPA, Canadian PIPEDA, Brazil's LGPD).
- Strong technical understanding of and hands-on experience working with: Log data analysis, security principles (CIA, defense in depth, least privilege), IAM/SSO (Okta, AD, etc.), Cloud services (GCP, AWS, Azure), Endpoint detection and response (EDR), Collaboration platform logs (Slack, Microsoft Teams, etc.)
- Proven ability to handle confidential interviews and manage sensitive HR-legal matters professionally.
- Strong written communication skills and experience producing investigation reports suitable for internal counsel, executives, and auditors.
- Experience using case management platforms and maintaining defensible documentation standards.

Preferred Qualifications
- 5+ years in corporate investigations, insider risk, digital forensics, incident response, or a related security function
- Experience working in a global tech company or social platform with operations in the Americas.
- Bachelor's degree in Cybersecurity, Criminology, Computer Science, Psychology, or a related field.
- Familiarity with GDPR or equivalent privacy frameworks; bonus for knowledge of CPRA/CCPA, PIPEDA, LGPD, and other Americas-specific regulations.
- Prior involvement in investigations that resulted in external visibility, public scrutiny, or regulatory engagement (e.g., AG inquiries, federal regulators, provincial/state labor boards).
- Familiarity with insider threat frameworks and risk modeling.

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $147200 - $269800 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

For Los Angeles County (unincorporated) Candidates:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and

3. Exercising sound judgment.

Client-provided location(s): New York, NY

Job ID: TikTok-7556300224713459986

Employment Type: OTHER

Posted: 2025-10-02T20:19:55