TikTok

Technology, Information And Internet

Washington, DC

Governance, Risk, & Compliance Services Lead - USDS at TikTok


Description

Responsibilities

TikTok is seeking a Governance, Risk, & Compliance ("GRC") Services Lead to be part of the US Security & Privacy Risk and Compliance team.

This role will have a significant impact on mitigating regulatory compliance risk, and maturing GRC operations.

The primary focus of this role will be to strategically mature three Risk & Compliance services: 1) Controls & Certifications 2) Policy Management 3) Third-Party Risk Management.

The GRC Services Lead must have a "business first" mindset, working to achieve levels of maturity and efficiency, without sacrificing compliance.

On-site presence across teams allows the company to operate with greater speed, alignment, and agility — especially in areas like real-time decision-making, team development, and integrated execution.

As such, the company is shifting from a hybrid work model to a fully in-person schedule up to 5 days a week.

Responsibilities include but are not limited to:

- Partner with Controls & Certifications, Policy Management, and Third-Party Risk Management ("TPRM") team leads to oversee day-to-day operations
- Quickly understand current ways of working to identify maturity and efficiency gaps for each service
- Develop strategic plans and underlying OKRs to achieve these initiatives
- Challenge the status quo of manual operations and work to implement technology-driven solutions to achieve greater coverage (i.e., control testing) and lower manual efforts (i.e., policy development, TPRM assessments)
- Partner across the Security & Privacy organization and business teams to proactively align GRC operations to changing business priorities and objectives; work closely with business teams to develop ongoing compliance testing strategies
- Develop metrics and reporting to communicate business initiatives and risks to the broader security and compliance organization
- Collaborate with compliance assurance and compliance reporting functions to support regulatory reporting initiatives

Qualifications

Minimum Qualifications:

- Experience managing multiple teams and services, to align to consistent objectives, and ability to develop talent
- Experience performing internal/external control testing as security control assessor or supporting security compliance as internal compliance resources of physical and cloud infrastructure
- Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance
- Expert knowledge of IT and security control frameworks (e.g., NIST-CSF, NIST 800-53, PCI-DSS, CIS Security Controls, ISO 27001, ISO 27017, etc.)
- Excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal skills while proactively seeking input
- Ability to collaborate with operations and engineering teams, easily partner and forge relationships with cross-functional teams and stakeholders, communicate technical concepts to a broad range of technical and non-technical staff, provide compliant solutions, and communicate appropriately to a wide range of audiences, with a collaborative mindset
- Familiar with the usage of modern GRC tooling (i.e., Archer, ServiceNow)

Preferred Qualifications:

- Start-up high-tech experience
- One of the following certifications, or equivalent certifications: CISA, CDPSE, CISSP, CISM, CRISC, etc.
- Experience with risk and controls frameworks including (ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, NIST RMF, ISO 31000 etc.)

About USDS

TikTok is the leading destination for short-form mobile video.

  • Role: Governance, Risk, & Compliance Services Lead - USDS
  • Company: TikTok
  • Location: Washington, DC
  • Job found on: 4th of January, 2026