InfoSec & Incident Response Counsel - USDS
Washington D.C., District of Columbia, United States
⚠️ We'll shut down after Aug 1st - try foo🦍 for all jobs in tech ⚠️
About the Team:
The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross-functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security.
We are seeking a senior counsel to lead our legal response to information security incidents and support broader security compliance initiatives. This attorney will work closely with our Product, Privacy, Security, and Public Policy teams to strengthen incident response readiness, ensure regulatory compliance, and safeguard user trust.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Responsibilities:
- Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners.
- Counsel internal teams through the full incident lifecycle—detection, investigation, containment, remediation, and post-incident review—with a focus on legal risk mitigation and regulatory exposure.
- Oversee legal strategy for incident-related communications, including drafting and reviewing breach notifications to regulators and affected users.
- Develop and maintain USDS-specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
- Support and lead legal input for incident simulations, tabletop exercises, and after-action reviews.
- Advise on privilege considerations and lead efforts to preserve and document incident-related evidence.
- Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
- Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
- Deliver training to cross-functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
- Support integration of incident data and trends into broader compliance and risk management processes, including third-party risk, audits, and internal controls.
The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross-functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security.
We are seeking a senior counsel to lead our legal response to information security incidents and support broader security compliance initiatives. This attorney will work closely with our Product, Privacy, Security, and Public Policy teams to strengthen incident response readiness, ensure regulatory compliance, and safeguard user trust.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Responsibilities:
- Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners.
- Counsel internal teams through the full incident lifecycle—detection, investigation, containment, remediation, and post-incident review—with a focus on legal risk mitigation and regulatory exposure.
- Oversee legal strategy for incident-related communications, including drafting and reviewing breach notifications to regulators and affected users.
- Develop and maintain USDS-specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
- Support and lead legal input for incident simulations, tabletop exercises, and after-action reviews.
- Advise on privilege considerations and lead efforts to preserve and document incident-related evidence.
- Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
- Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
- Deliver training to cross-functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
- Support integration of incident data and trends into broader compliance and risk management processes, including third-party risk, audits, and internal controls.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Categories:
Compliance Jobs
Incident Response Jobs
Tags: Audits Compliance Incident response Privacy Risk management Strategy
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Systems Engineer jobsInformation System Security Officer jobsSystems Administrator jobsSenior Security Analyst jobsSenior Cybersecurity Engineer jobsSenior Cloud Security Engineer jobsSecurity Operations Engineer jobsCyber Security Specialist jobsInformation System Security Officer (ISSO) jobsSenior Product Security Engineer jobsSecurity Consultant jobsInformation Security Manager jobsSenior Information Security Engineer jobsSenior Network Security Engineer jobsChief Information Security Officer jobsInformation Systems Security Engineer jobsSecurity Specialist jobsSenior Cyber Security Engineer jobsIT Security Engineer jobsSenior Software Engineer jobsSenior IT Auditor jobsSoftware Engineer jobsNetwork Engineer jobsCyber Threat Intelligence Analyst jobsCybersecurity Specialist jobs
TS/SCI jobsEDR jobsBash jobsJava jobsEncryption jobsSDLC jobsRMF jobsSplunk jobsTerraform jobsIDS jobsThreat detection jobsCompTIA jobsTop Secret jobsMalware jobsOWASP jobsDocker jobsITIL jobsIPS jobsSQL jobsForensics jobsActive Directory jobsGIAC jobsFinance jobsSOC 2 jobsClearance Required jobs
MITRE ATT&CK jobsOSCP jobsDoDD 8570 jobsIntrusion detection jobsTCP/IP jobsVPN jobsHIPAA jobsIndustrial jobsData Analytics jobsCRISC jobsSOAR jobsZero Trust jobsJavaScript jobsDNS jobsIT infrastructure jobsCCSP jobsNIST 800-53 jobsMachine Learning jobsKPIs jobsAnsible jobsBanking jobsSANS jobsSOX jobsJira jobsUNIX jobs