Privacy Program Manager, Compliance

Responsibilities

About the team:
PDPO (Privacy and Data Protection Office) is the organization to lead, supervise, and empower all TikTok's privacy work in an accountable way and eventually become overall industry leading. This team is the expert in the landscape of privacy risks and passionate about consulting across the company on implementing the proper safeguards and technical mitigations to ensure that our users' privacy is honored across the TikTok's products and platforms.

About the Role:
We are seeking a Privacy Program Manager to join our PDPO team, to serve as the primary bridge and gatekeeper between the TikTok product team and the Compliance Teams. In this role you will act as a custodian and translator responsible for harmonizing and improving processes, ensuring good and consistent regulatory compliance standards are met within the product team. If you are passionate about privacy, data protection, and possess the expertise to assess and enhance our privacy practices, we invite you to join our team and contribute to our mission of maintaining the highest standard of data privacy and security.

Key Responsibilities:
- Liaison & Communication: Serve as the primary liaison between TikTok's platform responsibility product teams and the regulatory compliance and legal departments. Translate complex regulatory requirements into actionable operational workflows.
- Audit & Compliance: Facilitate external audits by attending control design walkthroughs and tests of operating effectiveness. Support the maintenance and enhancement of the privacy control framework to align with current regulations and industry standards.
- Project Management: Lead privacy-related projects from conception to execution. Develop comprehensive project plans and collaborate with a wide range of technical and non-technical stakeholders to ensure timely completion.
- Program Development: Create and maintain essential program documentation, including process flows, policies, frameworks, and management reports.
- Training & Enablement: Develop and deliver internal training materials on privacy controls, certifications, and best practices to enhance organizational awareness and compliance.
- Continuous Improvement: Stay current with the latest privacy trends, digital regulations, and industry best practices to continuously strengthen the program.

Qualifications

Minimum Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Law, Business, or a related field. Proven experience in conducting audits or facilitating external audits.
- 3+ years of governance risk and compliance (GRC) or related privacy, compliance, and security experience
- Professional working proficiency in both English and Mandarin Chinese. Fluency in written and spoken Chinese is needed to manage stakeholders in the China market.
- Strong project management skills, with the ability to manage multiple projects simultaneously, with the ability to translate legal and regulatory requirements into actionable plans.
- Experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations.
- Familiarity with core privacy concepts such as data minimization, purpose limitation, data sovereignty, transparency, and data retention. Experience with privacy by design principles and engineering in a privacy program.
- Familiarity with privacy laws and regulations such as GDPR, CCPA, DSA, DMA

Preferred Qualifications:
- Strong understanding of digital regulations, content moderation laws, and online safety frameworks (i.e. Digital Services Act).
- A highly motivated individual, with strong communication and relationship-building skills, and demonstrate a record of ongoing accomplishment and commitment to excellence.