The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience. TikTok is seeking a highly motivated and detail-oriented Governance and Compliance Senior Analyst with a solid background in Cybersecurity, IT GRC (Governance, Risk, and Compliance), and a keen interest in EU digital regulations. Responsibilities: Compliance Leadership: - Serve as a key internal resource on EU regulations (such as the Digital Services Act (DSA)), monitoring their implementation, executing on specific compliance requirements, and providing detailed input and analysis to relevant teams (Product, Engineering, Legal, Trust & Safety) on compliance obligations. - Contribute significantly to the development and implementation of comprehensive compliance programs, policies, and internal controls specifically tailored to meet EU requirements. - Assist in drafting and refining clear, actionable communication strategies to effectively disseminate compliance requirements and updates across the entire organization. Cybersecurity & IT GRC Oversight: - Support the development and maintenance of IT governance frameworks, policies, and procedures aligned with industry best practices (e.g., NIST, ISO 27001) and global regulatory requirements. - Actively participate in cybersecurity compliance initiatives, including performing security control validation activities across our IT infrastructure and systems. - Conduct and document proactive risk assessments related to IT systems, data processing, and platform operations, identifying potential vulnerabilities and proposing effective mitigation strategies. - Support the coordination of internal and external IT/cybersecurity audits, assisting in evidence gathering, responding to auditor requests, and ensuring timely and thorough remediation of any findings. Algorithmic Accountability & Transparency: - Contribute significantly to the development and implementation of frameworks for assessing algorithmic fairness, transparency, and accountability, particularly as they relate to content recommendation systems, search functionalities, and overall user experience. - Work closely with our AI/ML engineering teams to embed "compliance by design" and "ethics by design" principles into the entire development lifecycle of our algorithmic systems. Cross-Functional Collaboration & Strategic Advisory: - Collaborate closely with Legal, Engineering, Product, Privacy, Public Policy, and Trust & Safety teams to seamlessly embed compliance requirements into all stages of product development and operational processes. - Provide practical guidance and support for internal training and awareness programs on evolving regulatory compliance, cybersecurity best practices, and critical ethical considerations. - Support compliance managers in preparing for and participating in discussions with regulatory bodies, industry associations, and external stakeholders on matters pertaining to digital regulation and compliance.
Minimum Qualifications - Solid understanding and practical experience in EU digital regulations, including practical experience in their application. - Proven track record in successfully developing, implementing, and managing comprehensive compliance programs at scale. - Strong foundational understanding of leading cybersecurity frameworks (e.g., NIST, ISO 27001) and robust control environments. - Exceptional analytical, critical thinking, and problem-solving skills, coupled with the ability to translate complex legal and technical concepts into clear, actionable advice for diverse technical and non-technical audiences. - Demonstrated ability to work independently, effectively manage multiple competing priorities, and thrive in a fast-paced, dynamic, and often ambiguous environment. Preferred Qualifications - Industry experience in technology or social media. - Bachelor's degree in Law, Computer Science, Information Security, Business Administration, or a closely related field. - Minimum of 3-5 years of progressive experience in governance, risk, and compliance (GRC) roles, with a demonstrable strong focus on cybersecurity and IT compliance. - Relevant professional certifications such as CISA, CISM, CRISC, CISSP, or CIPP/E. - Familiarity with the unique challenges and opportunities related to algorithmic governance, fairness, and transparency in large-scale online platforms.
Read Full Description