Governance, Risk, & Compliance (GRC) Security Risk Management Senior Analyst - Global Security Organization

The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever TikTok operates.

Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us — whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop — GSO protects their data and privacy, so they can have a secure and trustworthy experience.

The Security Governance, Risk, and Compliance team is responsible for working closely with cross-functional partners to manage security risks to ensure we meet all industry cybersecurity compliance standards and government regulations through developing governing policies, implementing the security control framework, conducting security risk and control assessments, and staying up-to-date on global compliance initiatives.

The Governance, Risk, & Compliance (GRC) Security Risk Management Senior Analyst involves performing comprehensive cybersecurity risk assessments to identify, assess, treat, and monitor cybersecurity risks throughout our products and enterprise. You will be responsible for working closely with cross-functional partners to evaluate risks and develop innovative mitigation strategies, provide ongoing compliance risk mitigation support, and lead various risk management projects. You would be a great fit for this role if you are enthusiastic about:
1. Maturing an industry-leading security risk management program alongside a team of outstanding individuals
2. Thriving in fast-paced environments and pivoting priorities while demonstrating the ability to quickly adapt in the face of constantly evolving cybersecurity challenges
3. Learning quickly and often with a strong appetite for acquiring new knowledge in the realm of cybersecurity and staying up-to-date on current emerging trends
4. Fostering collaboration and cross-functional partnerships to help spread awareness and drive the implementation of a strong security risk management program in order to mitigate risks faced by our organization

Responsibilities
As a Governance, Risk, & Compliance (GRC) Risk Management Senior Analyst, you will be responsible for:
- Planning, developing, implementing, maintaining, and managing Cybersecurity Risk Management framework based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39)
- Implementing and supporting scalable processes and procedures for the security risk management lifecycle including risk assessments, treatment, and monitoring
- Collaborating with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis
- Continuously monitoring the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status
- Maintaining exception and acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria per business line
- Mentor, coach, and train security staff and security risk analysts