Third Party Risk Management Analyst - USDS
Responsibilities
The USDS Security - Risk & Compliance team is responsible for managing USDS security compliance in accordance with US compliance requirements and objectives, and providing industry leading governance, risk, and compliance services.
The core service offerings include: Compliance & Security Risk Management, Controls & Compliance Framework, Security Compliance Policies, Charters, & Protocols, Vendor Program & Third-Party Risk Management, Governance, Risk, & Compliance (GRC) Platform, and Security & Compliance Behavior & Culture.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
As a Third Party Risk Management (TPRM) analyst, you will be a subject matter expert and liaison between USDS and the lines of business as it pertains to vendor compliance screening, issues and vulnerability management, and cross-functional security and privacy control assurance. You will be responsible for owning and managing daily operations of assigned vendor compliance assessment coordination, technical writing, and USDS Vendor Lifecycle management. Within this role, you will closely coordinate with USDS Procurement and Legal teams to ensure USDS Vendor Program and Procurement Policies requirements are implemented, enforced, and communicated to business owners, program managers, and other applicable internal teams.
Other responsibilities include:
- Coordinating between USDS TPRM, Procurement, and Legal operations about vendor lifecycle management, contract clauses verification and compliance assessment procedures
- Technical writing and communication between cross-functional teams and Non-USDS lines of business
- Validating vendor compliance screening assessments
- Reporting vendor security risk assessments for authorized and rejected vendors
- Coordinating between USDS Risk Management, Global Security Organization, and other applicable internal teams on unresolved findings and vulnerability management
- Enhancing USDS TPRM standard operating procedure as it pertains to emerging threats and USDS Vendor Program policy requirements
- Validating security standard controls and audits as applicable to the overall USDS TPRM program and process
- Managing assessment lifecycles and dashboard reporting
- Coordinating and executing assessments for site visit assessments (physical and remote) and reporting related to TikTok USDS data centers and Content Delivery Networks (CDNs)
Qualifications
Minimum Qualifications
- Bachelor's degree in risk management or equivalent privacy, security, compliance, project management, or like discipline from an accredited college
- 3+ years of third party risk management or related security experience
- Fundamental understanding of Third Party Risk Management and direct experience partnering with Procurement and Legal functions
- Technical writing and verbal communication skills that enable executive reporting on Third Party Risk metrics
- Findings and vulnerability management experience related to the resolution and/or remediation of web vulnerabilities, bugs, and cybersecurity vulnerabilities
- Critical thinking and analytical decision making skills to forecast issues, events and/or risks pertaining to TPRM
Preferred Qualifications
- Supply Chain risk management experience related to software and hardware solutions/tooling to include but not limited to Bill of Materials (BOM) analysis
- Contract clause verification pertaining to security, privacy and business resilience controls
- Experience implementing vendor lifecycle procedures including Onboarding, Ongoing Monitoring and Offboarding requirements
- Experience with TPRM incident event management, policy development, enhancement and awareness
- Experience with OFAC Sanctions and foreign ownership compliance assessments
Perks and Benefits
Health and Wellness
- Health Insurance
- Dental Insurance
- Vision Insurance
- HSA
- Life Insurance
- Fitness Subsidies
- Short-Term Disability
- Long-Term Disability
- On-Site Gym
- Mental Health Benefits
- Virtual Fitness Classes
Parental Benefits
- Fertility Benefits
- Adoption Assistance Program
- Family Support Resources
Work Flexibility
- Flexible Work Hours
- Hybrid Work Opportunities
Office Life and Perks
- Casual Dress
- Snacks
- Pet-friendly Office
- Happy Hours
- Some Meals Provided
- Company Outings
- On-Site Cafeteria
- Holiday Events
Vacation and Time Off
- Paid Vacation
- Paid Holidays
- Personal/Sick Days
- Leave of Absence
Financial and Retirement
- 401(K) With Company Matching
- Performance Bonus
- Company Equity
Professional Development
- Promote From Within
- Access to Online Courses
- Leadership Training Program
- Associate or Rotational Training Program
- Mentor Program
Diversity and Inclusion
- Diversity, Equity, and Inclusion Program
- Employee Resource Groups (ERG)