Security Strategy, Risk and Resilience (SRR) Senior Third Party Security Analyst - Global Security Organization

The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.

The Security Strategy, Risk and Resilience (SRR) Third Party Security Senior Analyst role involves performing comprehensive cybersecurity risk assessments to reduce security risks related to ByteDance's use of third parties. You will have the opportunity to both conduct third party security assessments and monitor and reduce third party security risk for the company. You will work closely with cross-functional partners to evaluate third party risks and develop innovative mitigation and remediation strategies, provide ongoing compliance risk mitigation support, and lead various third party risk management projects. You would be a great fit for this role if you are enthusiastic about:
1. Maturing an industry-leading third party security management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate third party risks

Responsibilities
As a Governance, Risk, & Compliance (GRC) Third Party Security Senior Analyst, you will be responsible for:
- Conducting security assessments of ByteDance's third parties, which involves evaluating potential security risks before engaging with third-party vendors
- Support third-party monitoring and offboarding operations by implementing processes for ongoing security monitoring
- Assess, monitor, and manage the security risks associated with external vendors, suppliers, or service providers and report findings to various stakeholders
- Mature the process for handling security incidents related to third parties and assist with investigating and responding to security incidents
- Collaborate with Procurement, Legal, Compliance, IT, and Business Units to ensure a consistent and effective security risk management approach, including enhancing third-party contract management with risk-related clauses and SLAs
- Drive automation and efficiency in risk assessments, monitoring, and reporting by leveraging technology solutions

Qualifications

Minimum Qualifications:
- Experience in planning, designing, implementing and managing cyber security risk management frameworks such as ISO 31000, ISO 27005, and NIST 800-39
- Strong project management skills with the ability to lead and execute third party security risk management processes
- Excellent verbal and written communication skills with the ability to document, communicate, and report third party security assessments and issues
- Ability to work hands-on with cross-functional teams including legal, procurement, information security, business continuity, privacy, and IT engineering
- Ability to work at the New York City office for 3 days per week and be willing to travel to other offices, including international locations, as required to support business needs

Preferred Qualifications
- Bachelor's degree in risk or equivalent privacy, security, compliance, project management, or like discipline from an accredited college or university or measurable knowledge/experience from proven industry, military, defense, or government operations.
- CISM, CISA, CISSP, CCSP, CASP, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

Job Information

[For Pay Transparency] Compensation Description (annually)

The base salary range for this position in the selected city is $118800 - $196000 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

For Los Angeles County (unincorporated) Candidates:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and

3. Exercising sound judgment.