Privacy Architect - USDS

Responsibilities

About the Team
The USDS Privacy and Integrated Security team is responsible for overseeing and governing all activities of privacy impacts to TikTok USDS' operations.
- We address complex and cutting-edge challenges, aiming to build the world's most trusted social media platform.
- We partner with TikTok global legal, R&D, privacy and security organizations in advancing our privacy practices.
- We oversee, govern and support the integration and optimization of operational privacy capabilities including data inventory, data classification, data retention/deletion, and incident response, etc., to ensure scalable and compliant privacy and data protection practices.

We seek a highly motivated, experienced, and dynamic professional to join our team. This is an opportunity to work on the most innovative platform in the industry, strengthening security and privacy, in our mission to Inspire Creativity and Enrich Lives.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities
We are seeking a technically-minded and business-savvy Privacy Architect to join the Privacy and Integrated Security Team at TikTok USDS. This is a strategic role in an operational environment focused on providing the technical and architectural expertise needed to execute TikTok privacy policies.
This role will be a critical partner to both USDS operation teams and business lines who are responsible for operational privacy controls, and our global privacy organizations who are responsible for privacy controls at the product or platform level. The ideal candidate will serve as our on-the-ground technical expert, responsible for applying a systematic framework to ensure that all privacy related services, business processes, and local data flows align with our privacy policies.

Reporting Structure:
This role will report to the functional pillar lead within the privacy organization. The reporting structure may evolve as the capability grows.

Key Responsibilities:
- Develop and implement a systematic framework to manage privacy at the operational level across the entire TikTok US landscape. This includes discovering and creating privacy architectural artifacts to establish baselines and conduct gap analyses.
- Actively engage with USDS teams to understand their objectives, and operational processes.
- Conduct in-depth technical analysis and create or assemble documentation to articulate how and why the business collects and uses private data inside and outside of our platforms and systems.
- Creating and maintain documentation that visually maps data flows and identifies key control points, such as focusing on systems and data sharing.
- Develop compliant operational solutions and strategies to address privacy risks identified in technology, people and processes. Produce detailed, technical reports for the risk team outlining newly identified architectural gaps, shadow data, or data exposure risks.
- Collaborate with business teams to find reasonable and compliant trade-offs between their operational needs and global privacy requirements.
- Provide hands-on architectural guidance to operational teams on how to correctly implement privacy controls and address identified technical risks. Create practical, step-by-step guidance and playbooks for operating teams on how to handle common privacy-centric tasks, such as securely exporting data or managing access to a new system.
- Provide guidance and support ongoing technical reviews and spot audits of live services and business systems to verify that their configuration and operation are aligned with policies. Deliver findings from technical reviews that confirm a service's configuration (e.g., access controls, data retention settings) is aligned with privacy policies.
- Lead and support the effort of developing operational specifications. Provide feedback to global teams to refine and improve privacy policies and solutions based on USDS operations.
- Engagement in special projects and additional responsibilities may be needed as the team expands and capabilities are enhanced.

Qualifications

Minimum Qualifications:
- Bachelor's degree in Computer Science, Data Science, Information Technology, or a related field, or equivalent practical experience.
- 5+ years of experience in a technical role such as product engineering, systems architecture, or data engineering, with a focus on privacy or security. Demonstrated knowledge of major privacy regulations such as GDPR and CCPA.
- Must be proficient in creating and interpreting architectural diagrams to communicate holistic design and principles. Demonstrated ability to develop and maintain architectural diagrams (e.g., data flow diagrams, system diagrams) that visually represent data lifecycles, identify areas of privacy risk, and illustrate the implementation of privacy controls in alignment with organizational standards and regulatory requirements.