TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices, including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul, and Tokyo.

The Global Security Organization provides industry leading security and privacy services to TikTok globally. Our organization uses four principles that guide our strategic and tactical operations. First, we champion trust and transparency, leading the charge in organizational transparency and execution of security and privacy capabilities that drive customer trust. Second, we are a business catalyst and enabler, embodying the DNA of technical innovation. Third, we drive risk informed and empowered decision making, giving our business leaders the information needed to make key decisions. Finally, we proactively identify and reduce risk while enabling innovative product development – to consistently build sustainable world-class security capabilities.

As a direct report to the Principal of Data Defense and Access Assurance Engineer within the Business Operations team, you will be a part of the Data Defense team responsible for Enterprise Data Defense and Access Assurance Operations. The Data Defense and Access Assurance team's primary focus is TikTok's global data protection operations across servers, endpoints, and cloud. As the Data Protection Operations Senior Analyst, you will be responsible for supporting the Principal Data Defense and Access Assurance Engineer in leading a team of cross-functional cyber, privacy, engineering, and data protection analysts to define, implement, manage, and measure controls to protect data in accordance with relevant geographical regulations, contractual commitments, and confidentiality requirements.

In your capacity as a key contributor and team leader within Enterprise Data Defense and Access Assurance Operations, you are part of a team that manages the security of TikTok data through the entire data lifecycle, from creation to destruction. This will include identification, classification, and protection of data across consumer data, employee data, business sensitive data and intellectual property. Further, you and your team will create a strategy for the control environment that protects TikTok data. This will entail understanding requirements, designing controls, and ultimately managing the on-going operation of those controls. Your team will also be responsible for investigating and resolving incidents that involve theft or loss of intellectual property.

The candidate must be skilled in conducting technical analysis of data, security, and business problems, as well as threats, incidents, investigations, workforce protection, and other general security-related issues. The candidate must also have the ability to communicate well, motivate and lead cross-functional and individual contributor teams independently, participate in coordinating response and defensive actions over a variety of security disciplines, and disseminate security information as appropriate in support of TikTok's critical business, go to market, and operational infrastructure needs. The candidate will develop, select, and motivate highly effective employees to execute TikTok's business model.

Tasks and Responsibilities
- Guide the development and selection of data protection technologies to meet business objectives and operational efficiencies
- Apply appropriate security measures, controls, and protections in the design of data defense processes and procedures
- Design, implement and operate technical security programs (people, process, and technology) to mitigate security threats and risks that may impact business data through a holistic global program-oriented approach
- Design and implement processes for triage and analysis of data output from data protection technologies and tools
- Support interactions with Risk and Compliance to understand control requirements and provide information to support findings for non-compliance with internal security policies
- Responsible for designing and reporting key metrics and visualizations for weekly, monthly and bimonthly cadences across multiple audiences

Knowledge and Skills:
- Excellent analytical and problem-solving skills
- Excellent communication skills (verbal and written), ability to influence without authority
- Works well under pressure within time/budget constraints to solve problems, adjust quickly to shifting priorities, and make decisions with limited information
- Ability to balance risks in ambiguous and complex situations
- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and cross-functional teams
- Highly motivated to contribute and grow within a complex area of emerging importance
- Ability to communicate technical concepts to a broad range of technical and non-technical staff
Strong understanding of:
- Data security tools, processes, and procedures
- Data lifecyle and protection of data throughout
- Interpretation of numeric data and statistical principles
- IP and Source Code protection tools, policies, and procedures
- Industry standard frameworks
- Data classification, labelling, and data usage

Minimum Qualifications:
- Bachelors’ Degree or industry equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program
- 5+ years applicable experience
- High degree of integrity and trustworthiness and the ability to lead and inspire change
- Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge
- Experience building and growing a team to meet strategic and tactical objectives; mentoring and coaching staff
- In-depth experience in designing and deploying data protection technologies and controls in enterprise-class organizations, including the following:
- Microservices architecture
- Data leakage/content monitoring and filtering
- Data classification and privacy policies
- Logging, monitoring, and security event management
- Secure information storage
- Data classification, labelling, and data usage
- Identification of data security risks

Preferred Qualifications:
- CISSP, SSCP, CAP, CCSP, CISM or applicable experience in the Information Security field
- Experience using one or more programming/scripting languages (e.g., Python, Go, Java, etc.)
- Familiarity with source code management tools (e.g., Github, Bitbucket)
- Familiarity with securing data across SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)
- Familiarity with database technologies such as Graph databases, Kafka queues, Redis, Mongo and other non-relational databases
- Be able to handle ambiguity and collaborate with a global team
- Be comfortable communicating with business executives and technical teams
- Be able to motivate junior staff and contractors

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We believe individuals shouldn't be disadvantaged because of their background or identity, but instead should be considered based on their strengths and experience. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to us at USCR@tiktok.com.