Insider Threat Lead, Security Governance and Compliance

Responsibilities

About the Team
The Internal Threat Management team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

Responsibilities
1. Maintain a robust risk governance framework that supports internal threat management, ensuring it is aligned with the organization’s overall risk management and compliance strategies.
2. Establish and manage processes for risk assessment, control testing, and risk mitigation related to internal threats, ensuring that these processes are effective and aligned with industry best practices.
3. Develop and define key risk metrics to assess the effectiveness of internal threat detection and mitigation strategies
4. Continuously monitor and analyze internal threat data, identifying emerging trends, patterns, and areas of concern related to insider threats
5. Develop and deliver regular risk reports for senior management, providing insights on the status and effectiveness of internal threat programs, key risk indicators, and threat trends.
6. Work closely with internal stakeholders to ensure that policies and procedures are properly followed and that risk management processes are integrated across departments.

Qualifications

Minimum Qualifications
1. Bachelor's degree or above, with a preference for majors in Information Security, Computer Science, Information Technology, privacy, risk or a related field. Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.
2. Minimum of 5 years of work experience, with at least 3 years of team management experience and a preference for experience in risk management and insider threat program.
3. Strong experience in data analysis and the ability to extract insights from complex risk data to identify patterns and trends. Expertise in developing dashboards and reports that clearly communicate complex risk data to senior management and non-technical stakeholders.
4. Proficient in risk governance frameworks and best practices for internal threat management, including risk assessments, control testing, and compliance.
5. Solid understanding of insider threat risks, including data exfiltration, privilege abuse, policy violations, and insider fraud.
6. Strong communication skills, with the ability to translate complex risk-related information into clear, actionable insights for diverse audiences.

Preferred Qualifications
1. Familiarity with regulatory requirements related to data protection and internal threat management (e.g., GDPR, CCPA, HIPAA).
2. Experience with designing, implementation and operation of commercial or in-house UBA/UEBA solutions (e.g., Splunk, Exabeam) are highly desirable
3. Experience with threat modeling methodologies (e.g., STRIDE, PASTA) to analyze and assess security threats within software applications, systems, and networks.

Job Information

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.​

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.​

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.​

Diversity & Inclusion​

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.​