The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience. The Security Strategy, Risk, and Resilience (SRR) team is responsible for working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization’s cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements. As a Security Strategy Solutions Architect, you will be responsible for designing scalable and sustainable security solutions that align with the organization's strategic objectives, regulatory requirements, and operational constraints. You will work cross-functionally with engineering, security operations, risk, and compliance teams to drive the technical realization of our security policy framework and governance initiatives. This role requires both strategic acumen and technical depth, with the ability to translate complex policies, regulations, and risks into practical security architectures and design patterns. It demands sound decision-making on build-versus-buy strategies, accurate implementation of solutions, and the ability to guide other IT professionals through expert knowledge, continuous learning, and adaptability to evolving technologies. Responsibilities As a Security Strategy Solutions Architect, you will: - Architect enterprise-wide security solutions that align with the organization's strategic security goals and regulatory obligations (e.g., NIS2, GDPR, ISO 27001, SOC 2). - Demonstrate a strong understanding of core IT security technologies—including networking, encryption, authentication, and access control—and the ability to apply them effectively in alignment with organizational strategy and business goals. - Translate high-level security policies, standards, and frameworks into actionable technical control designs and implementation plans. - Partner with infrastructure, security engineering, DevSecOps, and product teams to ensure architectural alignment and successful execution of security strategy initiatives. - Develop and maintain security reference architectures, design patterns, and implementation guidance that support secure innovation and operational scalability. - Perform security architecture reviews and assessments to evaluate adherence to policy and identify opportunities for improvement. - Provide input into the design and governance of technology roadmaps, tool selection, and strategic technology planning. - Serve as a subject matter expert on control implementation, technical security standards, and risk mitigation strategies across hybrid and cloud environments. - Work closely with the Security Policy team to ensure that new and evolving policy requirements are technically feasible and effectively embedded into systems and processes.
Minimum Qualifications: - Strong understanding of cybersecurity domains and frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and how to translate them into measurable objectives - Experience designing and operationalizing metrics or performance programs in a cross-functional environment - Strong analytical and project management skills with the ability to lead initiatives and drive results with multiple stakeholders - Excellent verbal and written communication skills, with the ability to translate complex data and strategy into business-relevant narratives - Ability to work at the Washington DC or New York office for 3 days per week and willingness to travel to other offices, including international locations, as required to support business needs Preferred Qualifications: - Minimum of 5 years of experience in security strategy, cybersecurity operations, metrics programs, consulting, or related areas - Experience working with data visualization tools such as Tableau, Power BI, or internal dashboards - Relevant certifications (e.g., CISSP, CRISC, CISM, PMP, or other strategy or security-related certifications) - Candidates should have several years of experience in cybersecurity. They should have experience with designing and implementing accurate technical solutions, and guiding cross functional partners by continuously adapting to changing technologies.
Read Full Description