Internal Security Risk Management & Governance Manager

About the Company

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Helo, and Resso, as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join Us

Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible.

Together, we inspire creativity and enrich life - a mission we aim towards achieving every day.

To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.

At ByteDance, we create together and grow together. That's how we drive impact - for ourselves, our company, and the users we serve.

Join us.

About the Team

The Internal Security Risk Management & Governance team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) platform within the company.

Responsibilities

- Develop and maintain the organization's insider risk security governance framework, including policies, procedures, and standards that align with industry best practices and regulatory requirements.

- Conduct regular security risk assessments to identify vulnerabilities and risks, and work with relevant departments to develop mitigation strategies.

- Provide guidance and support for compliance with data protection laws, regulations, and standards (e.g., GDPR, ISO 27001, SOC 2).

- Coordinate with IT and business units to ensure insider threat security measures are integrated into technology projects and business processes.

- Translate business and technology requirements into relevant insider threat rules for operational teams to implement

- Monitor and report on the effectiveness of security controls and the status of security risks to senior management.

- Develop and lead security awareness training programs to educate employees on security best practices and emerging threats.

- Stay abreast of the latest security trends, threats, and technologies to continuously improve the organization's insider threat security posture.

Minimum Qualifications

- Bachelor's or master's degree in Information Security, Computer Science, Information Technology, or a related field.

- Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.

- A minimum of 5 years of experience in information security, risk management, or IT governance, with at least 2 years in a leadership role.

- Strong knowledge of information security principles, frameworks (e.g., NIST, ISO 27001), and regulations (e.g., GDPR, CCPA).

- Experience with security risk assessment methodologies and tools.

- Familiarity with data analysis tools and software to support risk analysis and reporting efforts, ensuring data-driven decision-making in the risk management process.

- Skilled in creating and maintaining risk registers, developing risk treatment plans, and effectively communicating risk posture to stakeholders at all levels of the organization.

- Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels.

- Strong analytical and problem-solving skills.

- Proven ability to manage and prioritize multiple projects and tasks.

Preferred Qualifications

- Experience with designing, implementation and operation of commercial or in-house UBA/UEBA solutions (e.g., Splunk, Exabeam) are highly desirable

- Experience with threat modeling methodologies (e.g., STRIDE, PASTA) to analyze and assess security threats within software applications, systems, and networks.

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.