Responsibilities
Team introduction:
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.
Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.
Want more jobs like this?
Get jobs in Singapore delivered to your inbox every week.
About This Role:
SecOps Validation Team (STOV) is responsible for the tools and technologies that support the TikTok infrastructure. STOV oversees technical validation, security operations, and drives engineering enhancements, including the deployment, configuration, and maintenance of security technologies across various domains.
The role will be responsible for design and development of Product Security technical controls required by security policy and regulations. The validation targets include product security of TikTok product family and Secure SDLC process. It will provide a solid foundation to evaluate maturity for TikTok product family and Secure SDLC. This role ensures product security governance is embedded into every stage of development, enabling scalable compliance while fostering collaboration across teams.
Responsibilities:
- Establish and operate a governance committee, aligning cross-functional stakeholders to define unified process strategies.
- Develop and implement accountability frameworks (e.g., RACI) to clarify roles, validation mechanisms, and execution ownership across the product security lifecycle.
- Design and maintain a centralized inventory of product security controls, documenting ownership, integration points, and compliance gaps.
- Drive automated metrics monitoring and reporting mechanisms to ensure adherence to standards.
- Embed product security validation service into business development lifecycle, maintain daily operation, and iterate process flow continuously.
- Assess governance effectiveness, identify optimization opportunities, and integrate controls into existing workflows.
Qualifications
Minimum Qualifications
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or related fields
- 3+ years of experience in cybersecurity technologies or operations, including areas such as penetration testing, secure SDLC, security development, compliance, and governance.
- Strong cross-functional communication and consensus-building skills; ability to drive complex initiatives.
- Excellent problem-solving and analytical skills.
- Excellent data analysis and insight extraction skills.
Preferred Qualifications
- Proven track record in building governance committees, governance frameworks, or control inventories.
- Deep knowledge of security standards (e.g., ISO 27001, NIST) and translating regulatory requirements into operational processes.
- Certifications such as CISSP, CSSLP, CEH, or equivalent.