Security Strategy, Risk and Resilience (SRR) Senior Third Party Security Analyst - Global Security Organization

Responsibilities

The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.

Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop - GSO protects their data and privacy, so they can have a secure and trustworthy experience.

The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.
Role
This role is for a strategic and hands-on cybersecurity practitioner who will be a key player in securing our company's vendor ecosystem. You'll work on the front lines of third-party risk management, moving beyond checkbox assessments to proactively identify, assess, and mitigate risks from our critical vendors and partners. Your work will directly protect our users and business operations.

If you are a curious, driven, and collaborative security professional who wants to build and mature a world-class third-party security program, this is the role for you.

We're looking for someone who can thrive in a fast-paced environment and isn't afraid to take on complex challenges.

Responsibilities
As Security Strategy, Risk, and Resilience (SRR) Third Party Security Senior Analyst, you will be responsible for:
- Conduct In-Depth Security Assessments: Lead technical and procedural security assessments of our third-party vendors, partners, and suppliers. This includes reviewing security documentation and performing technical due diligence to identify potential vulnerabilities and control gaps.
- Develop and Manage Strategic Risk Mitigation: Partner with stakeholders (e.g., Legal, Procurement, IT, and business units) to develop and implement innovative, risk-based mitigation and remediation strategies for identified issues.
- Mature the Third-Party Security Program: Play a critical role in enhancing our third-party security management program, incorporating best practices for due diligence, continuous monitoring, and offboarding. Drive program maturity through automation and process improvements.
- Proactive Threat & Vulnerability Monitoring: Utilize and integrate leading security tools to continuously monitor our third-party ecosystem, providing dynamic risk reporting and early alerts to stakeholders.
- Be a Security Champion: Advocate for and educate

Qualifications

Minimum Qualifications:
- Demonstrated experience in developing and managing cybersecurity risk frameworks such as NIST CSF, ISO 27001, SOC 2, and others
- Proficiency in conducting technical and procedural security assessments. You know what to look for and can articulate complex security issues to both technical and non-technical audiences
- Strong project management skills with a proven ability to manage multiple projects simultaneously, meet deadlines, and work effectively with diverse teams
- Ability to articulate complex security risks and recommendations clearly and concisely to leadership and stakeholders
- Deep understanding of how cybersecurity impacts business operations. You can connect technical risks to business outcomes