Risk Management and Third Party Assurance Analyst – USDS

  • Individual Contributor
  • TSPA Members
  • Washington, D.C., US
  • Experience level: 3+ years
This content was reproduced from the employer’s website on January 30, 2022. Please visit their website below for the most up-to-date information about this position.
At TikTok, we’re committed to a process of continuous innovation and improvement in our user experience and safety controls. We’re proud to be able to serve a global community of more than a billion people who use TikTok to creatively express themselves and be entertained, and we’re dedicated to giving them a platform that builds opportunity and fosters connection. We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data. U.S. Data Security (“USDS”) is a standalone department of TikTok in the U.S. This new security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and user data in the U.S., so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained.
The teams within USDS that deliver on this commitment daily span Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more. You will be a part of the Risk & Compliance team as part of the U.S. Security and Privacy Operations Organization. You will be primarily responsible for defining security risk processes, coordinating risk assessments, and developing risk metrics. You will also be responsible for implementing and operating a process to prioritize, monitor, remediate, or accept risk. Additionally, the Analyst will be involved in proactively managing risks introduced by third parties, business partners, and strategic investments. In this role, you will have the ability to participate in developing the U.S. Third Party Risk Management (TPRM) program that has end-to-end strategic, operational, and functional responsibilities.
You will be responsible for conducting third-party risk assessments including assessing, mitigating, monitoring, and reporting on third-party-related risks while enabling the business to meet its objectives across the enterprise.
– Perform risk assessments, manage the risk inventory, assign ownership, track risk items, and prioritize risks
– Perform risk monitoring, manage the risk remediation process, and ensure risk treatment plans are executed effectively
– Manage risk reporting, creating reports to inform stakeholders and risk owners
– Facilitate the third party risk lifecycle, including conducting assessments, reporting results, and developing findings and recommended remediation plans, while maintaining excellent customer service
– Help develop business-driven risk profiles of third parties detailing service relationships to best assess the risks and impact of the relationship
– Monitor and assess third party performance to ensure compliance with the TPRM program, regulatory requirements, and service level agreements
– Assist in developing innovative solutions to help evaluate complex business, technology, and risk issues in a fast paced environment


– Bachelor’s degree in risk or equivalent privacy, security, compliance, project management, or like discipline from an accredited college or university or measurable knowledge/experience from proven industry, military, defense, or government operations.
– 3+ years of risk management experience
– Experience reporting risk within a global enterprise, developing a culture of risk informed decision making
– Experience with enterprise risk management
– Experience with risk management principles including risk identification, mitigation, prioritization, treatment, classification, and monitoring
– Experience conducting risk assessments
– Experience with M&A and/or third party risk management
– Experience executing control evaluation and management processes in a fast paced, technical environment
– A highly motivated individual, with strong communication and relationship-building skills, and demonstrating a record of ongoing accomplishment and commitment to excellence
– Experience working hands-on with cross-functional teams including legal, procurement, information security, business continuity, privacy, and IT engineering while assessing processes, risks, and implementing controls to develop a culture of risk-informed decision making

Preferred Qualifications

– Relevant industry experience including technology, entertainment, etc.
– Competent in the usage of modern GRC tooling
– Knowledge of controls frameworks and industry standard frameworks (FAIR, COBIT, NIST CSF, SOC, ISO, etc.)
– Industry relevant certification (CISA, CISSP, etc.)

To apply for this job please visit careers.tiktok.com.