Compliance Management Specialist - Governance Risk and Compliance
TikTok
Location: Washington D.C.
Employment Type: Regular
Job Code: A184823
Responsibilities
The mission of TikTok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep TikTok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the TikTok platform is safe and secure, that our users' experience and their data remain safe from external or internal threats, and that we comply with global regulations wherever TikTok operates. Trust is one of TikTok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us, whether they're watching videos on their For You page, interacting with a Live video, or buying products on TikTok Shop, GSO protects their data and privacy, so they can have a secure and trustworthy experience.
The Security Strategy, Risk, and Resilience (SRR) team is responsible for TikTok's Governance, Risk and Compliance function, working closely with cross-functional partners to manage security risks, mature security operations, and build organizational resilience. We support our partners in meeting industry cybersecurity compliance standards and government regulations by developing and driving the organization's cybersecurity strategy, establishing and maintaining a comprehensive business continuity management program, creating and maintaining governing security policies, implementing our security control framework, conducting regular security risk and control assessments, and staying up-to-date on global compliance initiatives and evolving regulatory requirements.
The Security Strategy, Risk and Resilience (SRR) Controls Management Specialist is an experienced individual contributor responsible for driving the lifecycle of TikTok's cybersecurity risks and controls. This includes assessing cybersecurity risk, control testing and monitoring, identification and treatment of risks and/or control gaps, and facilitating internal and external audits. In addition, this individual will drive compliance engineering projects to improve our compliance program maturity.
You would be a great fit for this role if you:
- Have a strong security risk, controls, and compliance mindset with experience in evaluating and testing controls against leading security frameworks such as ISO 27001, SOC 2, PCI DSS, and others
- Enjoy fostering collaboration with multi-disciplinary, cross-functional partnerships to solve challenging and unique cybersecurity risks with product, engineering and other business teams
- Thrive in dynamic, global environments and enjoy engineering an automated solution to a problem
- Possess a strong appetite for acquiring new knowledge and skills in cybersecurity and staying up-to-date on emerging trends
- Excel at analyzing complex systems and ideas and making these easy to understand
- Can provide candid and clear feedback on critical cybersecurity initiatives from policies to application designs and much more!
Responsibilities
As an SRR Compliance Management Specialist, you will be responsible for:
- Supporting the scoping and maturity of the cybersecurity compliance program to align with industry best practices and regulatory requirements including but not limited to ISO 27001, PCI DSS, and SOC 2
- Identifying and assessing cybersecurity risks, working with risk owners to develop risk treatment plans, monitoring and reporting on cybersecurity risks, and maintaining a cybersecurity risk register
- Leading control design walkthroughs and tests of operating effectiveness for product and business line controls against security requirements and compliance obligations
- Preparing and supporting control owners and process owners for internal and external audits by conducting thorough examinations of people, processes, technologies and key system configurations and helping identify best-in-class evidence
- Influencing and collaborating with key stakeholders to support, track, and report on remediation efforts for identified security control gaps
- Maintaining a global security controls library to include periodic updates and validation of security controls and owners
- Communicating with technical and non-technical stakeholders on cybersecurity risk and control topics and program-specific reporting
Qualifications
Minimum Qualifications:
- Experience supporting cybersecurity risk controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements
- Experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience with the entire risk and controls monitoring lifecycle, including identifying, assessing, monitoring, and treating risk and control gaps
- Excellent communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation, effectiveness, and remediation of cybersecurity controls with product and business leaders
- Strong project management skills with the ability to lead and execute security assessment projects and initiatives on time with multiple stakeholders
- Ability to work in the D.C. office 5 days per week and be willing to travel to other offices with the flexibility to conduct virtual meetings, including international locations, as required to support business needs
Preferred Qualifications:
- Minimum of 5 years in Information Technology (IT) or Information Security (IS) compliance and controls programs in a global organization with in-depth knowledge and experience of cybersecurity frameworks such as ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements
- Experience supporting complex audit projects in a cloud-centric environment with a strong aptitude to understand emerging technologies to assure regulatory and compliance requirements are met
- Experience engineering governance, risk and compliance solutions to help automate testing and compliance workflows
- CISM, CISA, CISSP, CCSP, SecurityX, CySA+, Security+, CRISC, CGEIT, GSEC, QSA, or other relevant certifications


