Responsibilities

The mission of Tik Tok's Global Security Organization is to build and earn trust by reducing risk and securing our businesses and products. Also known as "GSO", this team is the foundation of our efforts to keep Tik Tok safe, secure, and operating at scale for over 1 billion people around the world. We work to ensure that the Tik Tok platform is safe and secure, that our users' experience and their data remains safe from external or internal threats, and that we comply with global regulations wherever Tik Tok operates.

• Trust is one of Tik Tok's biggest initiatives, and security is integral to our success. In whatever ways users interact with us - whether they're watching videos on their For You page, interacting with a Live video, or buying products on Tik Tok Shop
• GSO protects their data and privacy, so they can have a secure and trustworthy experience.

Tik Tok is seeking a highly motivated and detail-oriented Governance and Compliance Senior Analyst with a solid background in Cybersecurity, IT GRC (Governance, Risk, and Compliance), and a keen interest in EU digital regulations.

Compliance Leadership

• Serve as a key internal resource on EU regulations (such as the Digital Services Act (DSA)), monitoring their implementation, executing on specific compliance requirements, and providing detailed input and analysis to relevant teams (Product, Engineering, Legal, Trust & Safety) on compliance obligations.
• Contribute significantly to the development and implementation of comprehensive compliance programs, policies, and internal controls specifically tailored to meet EU requirements.
• Assist in drafting and refining clear, actionable communication strategies to effectively disseminate compliance requirements and updates across the entire organization.

Cybersecurity & IT GRC Oversight

• Support the development and maintenance of IT governance frameworks, policies, and procedures aligned with industry best practices (e.g., NIST, ISO 27001) and global regulatory requirements.
• Actively participate in cybersecurity compliance initiatives, including performing security control validation activities across our IT infrastructure and systems.
• Conduct and document proactive risk assessments related to IT systems, data processing, and platform operations, identifying potential vulnerabilities and proposing effective mitigation strategies.
• Support the coordination of internal and external IT/cybersecurity audits, assisting in evidence gathering, responding to auditor requests, and ensuring timely and thorough remediation of any findings.

Algorithmic Accountability & Transparency

• Contribute significantly to the development and implementation of frameworks for assessing algorithmic fairness, transparency, and accountability, particularly as they relate to content recommendation systems, search functionalities, and overall user experience.
• Work closely with our AI/ML engineering teams to embed "compliance by design" and "ethics by design" principles into the entire development lifecycle of our algorithmic systems.

Cross-Functional Collaboration & Strategic Advisory

• Collaborate closely with Legal, Engineering, Product, Privacy, Public Policy, and Trust & Safety teams to seamlessly embed compliance requirements into all stages of product development and operational processes.
• Provide practical guidance and support for internal training and awareness programs on evolving regulatory compliance, cybersecurity best practices, and critical ethical considerations.
• Support compliance managers in preparing for and participating in discussions with regulatory bodies, industry associations, and external stakeholders on matters pertaining to digital regulation and compliance.

Qualifications

Minimum Qualifications

• Solid understanding and practical experience in EU digital regulations, including practical experience in their application.
• Proven track record in successfully developing, implementing, and managing comprehensive compliance programs at scale.
• Strong foundational understanding of leading cybersecurity frameworks (e.g., NIST, ISO 27001) and robust control environments.
• Exceptional analytical, critical thinking, and problem-solving skills, coupled with the ability to translate complex legal and technical concepts into clear, actionable advice for diverse technical and non-technical audiences.
• Demonstrated ability to work independently, effectively manage multiple competing priorities, and thrive in a fast-paced, dynamic, and often ambiguous environment.

Preferred Qualifications

• Industry experience in technology or social media.
• Bachelor's degree in Law, Computer Science, Information Security, Business Administration, or a closely related field.
• Minimum of 3-5 years of progressive experience in governance, risk, and compliance (GRC) roles, with a demonstrable strong focus on cybersecurity and IT compliance.
• Relevant professional certifications such as CISA, CISM, CRISC, CISSP, or CIPP/E.
• Familiarity with the unique challenges and opportunities related to algorithmic governance, fairness, and transparency in large-scale online platforms.

Compensation

The base salary range for this position in the selected city is $118,800 - $196,000 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

Additional Information

For Los Angeles County (unincorporated) Candidates

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;
2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and
3. Exercising sound judgment.