IT Security Risk Manager - New York

Responsibilities

Team Introduction:
The IT Security team plays a pivotal role in safeguarding ByteDance's global office network and IT infrastructure. We work closely with cross-functional partners to manage security risks and ensure compliance with industry cybersecurity standards and government regulations. Our responsibilities include managing security risks, developing governing policies, implementing security control frameworks, and driving remediation efforts within the IT scope.

Responsibilities:
- Developing, implementing and maintaining a comprehensive Cybersecurity Risk Management framework for IT, based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39).
- Establishing scalable processes and procedures for managing the security risk lifecycle, including risk identification, assessments, remediation, and continuous monitoring.
- Creating and maintaining a Risk Register based on business requirements, consistently tracking, re-assessing and updating risks while providing leadership with data-driven insights on security trends.
- Managing exception and acceptance processes to evaluate residual risks, balancing security gaps, compensating controls, and business risk tolerance.
- Collaborating with risk owners to ensure that risk mitigation plans are developed, tracked, and completed on time, while regularly reporting on remediation progress.
- Work closely with security engineers, IT teams and XFN stakeholders to implement technical security controls, enhance security configurations, and remediate high-risk vulnerabilities.
- Oversee vulnerability identification, assessment, and remediation efforts, ensuring that security patches and updates are applied effectively to minimize risk exposure.
- Ensure adherence to compliance standards by facilitating audits, developing governance policies, implementing security control frameworks, and conducting risk assessments.
- Preparing and presenting regular executive reports on security risks and compliance status, and remediation progress to leadership, providing strategic insights into the current landscape.

Qualifications

Minimum Qualifications:
- At least 5 years of experience in Governance, Risk, and Compliance (GRC) within the cybersecurity industry.
- A minimum of 3 years of experience in cybersecurity risk management, including developing cybersecurity risk management frameworks, processes for security risk lifecycle management and Risk Register.
- Proven experience collaborating with security teams (incident response, red teams, architects, engineers) to incorporate cybersecurity controls and risk management into day-to-day operations.
- A team player and motivated self-starter, resourceful with the ability to collaborate effectively with multiple stakeholders across XFN teams, business lines, and regions. Comfortable engaging in cross-regional meetings.
- Exceptional verbal and written communication skills, with the ability to translate complex technical concepts into business language.
- Strong project management skills with the ability to lead and execute security risk remediation and compliance projects and initiatives on time with multiple stakeholders
- Ability to work on-site at ByteDance offices 5 days a week and willingness to travel to international locations as needed to support business needs.

Preferred Qualifications
- Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields
- Familiarity with Governance, Risk, and Compliance (GRC) technologies
- Experienced in implementing technical security controls with XFN teams
- CISM, CISA, CISSP, CCSP, CASP, ISO27001 Lead Implementer/Audit, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

Job Information

【For Pay Transparency】Compensation Description (Annually)

The base salary range for this position in the selected city is $147200 - $374400 annually.​

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.​

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).​

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

For Los Angeles County (unincorporated) Candidates:​

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:​

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;​

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and​

3. Exercising sound judgment.​

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.​

Why Join ByteDance

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.​

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.​

Diversity & Inclusion​

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.​

Reasonable Accommodation

ByteDance is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at https://tinyurl.com/RA-request​