ByteDance

Responsibilities

About Us

Internal Audit is a global function responsible for providing independent assurance and evaluating the company's risk management, governance and internal control processes to determine if they are designed and operating effectively. The Internal Audit team plans and executes audit projects according to our risk-based audit plan by evaluating financial, compliance, operational, and IT processes and controls. We work with business functions in addressing risks and improving the control environment through timely and comprehensive audit work and tracking of remediation actions until completion.

Hybrid Work Model: We are back to the office with a hybrid work model, with employees working in the office three days per week.

About the team

We are looking for an experienced technology audit lead that will contribute to the ongoing development of the Global Technology Audit function and to ByteDance's efforts to enhance its risk management capabilities in support of the company's business objectives. The individual will be part of the Global Technology Audit team and innovative assurance methods to impact and influence positive business outcomes across products such as TikTok, TikTok Shop and Lemon8.

Responsibilities

• Technology Audit Delivery: Lead planning and execution of operational audit programs and complex technology control assessments: Information Security, Infrastructure, AI, Privacy technology. Leverage data analytics to detect risk signals and unearth insights. Communicate issues and recommendations to senior management.
• Integrated Audit Delivery: Lead planning and execution of integrated audits supporting operations and technology for business functions and productions (Trust & Safety, Monetization, FinTech etc.).
• Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for TikTok. Develop and maintain subject matter expertise in one or more technology domains.
• Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions.
• Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services.
• Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

Qualifications

Minimum Qualifications

• Experience: Minimum 5 years of relevant experience in Technology and Operational audits, Risk Management, Cyber Security Compliance or Security Engineering preferably within the technology sector (Social Media, eCommerce, Fintech etc.), and/or Big4 consulting.
• Education: Bachelor's degree in Information Systems, Computer Science or any other related field.
• Portfolio Management: Demonstrated experience managing a portfolio of audits, with concurrent oversight and execution of multiple projects.
• Integrated Audits: Experience managing integrated audits that address a combination of financial/operational and technology objectives.
• Industry Experience: Proven ability to work in a fast-paced environment with a product centric culture. Experience of working at a startup company or tech/fintech company is a plus.
• Analytical Skills: Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
• Communication Skills: Ability to write at a publication quality level in order to communicate findings and recommendations to the senior management team.

Preferred Qualifications

• Knowledge of external leading risk and controls frameworks such as COBIT (Control Objectives for Information and related Technology), ISO27000, NIST etc.
• Professional certifications such as CISSP, GIAC, CCNA, CISA, or CIA.
• Experience working in a global organization and managing projects across different time zones.
• Passion for emerging technologies, products and standards. Strong critical thinking skills combined with the ability to provide a credible technical challenge to the business.