TikTok is seeking a Governance, Risk, & Compliance ("GRC") Services Lead to be part of the US Security & Privacy Risk and Compliance team. This role will have a significant impact on mitigating regulatory compliance risk and maturing GRC operations. The primary focus of this role will be to strategically elevate three Risk & Compliance services: 1) Controls & Certifications, 2) Policy Management, 3) Third-Party Risk Management. The GRC Services Lead must have a "business first" mindset, working to achieve levels of maturity and efficiency without sacrificing compliance. Responsibilities include but are not limited to:
- Partner with Controls & Certifications, Policy Management, and Third-Party Risk Management ("TPRM") team leads to oversee day-to-day operations
- Quickly understand current ways of working to identify maturity and efficiency gaps for each service
- Develop strategic plans and underlying OKRs to achieve these initiatives
- Challenge the status quo of manual operations and work to implement technology-driven solutions to achieve greater coverage (e.g., control testing) and lower manual effort (e.g., policy development, TPRM assessments)
- Partner across the Security & Privacy organization and business teams to proactively align GRC operations to changing business priorities and objectives; work closely with business teams to develop ongoing compliance testing strategies
- Develop metrics and reporting to communicate business initiatives and risks to the broader security and compliance organization
- Collaborate with compliance assurance and compliance reporting functions to support regulatory reporting initiatives
Minimum Qualifications:
- Experience managing multiple teams and services, to align to consistent objectives, and ability to develop talent
- Experience performing internal / external control testing as security control assessor or supporting security compliance as internal compliance resources of physical and cloud infrastructure
- Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance
- Expert knowledge of IT and security control frameworks (e.g., NIST-CSF, NIST 800-53, PCI-DSS, CIS Security Controls, ISO 27001, ISO 27017)
- Excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal skills while proactively seeking input
- Ability to collaborate with operations and engineering teams, easily partner and forge relationships with cross-functional teams and stakeholders, communicate technical concepts to a broad range of technical and non-technical staff, provide compliant solutions, and communicate appropriately to a wide-range of audiences, with a collaborative mindset
- Familiar with the usage of modern GRC tooling (e.g., Archer, ServiceNow)
Preferred Qualifications:
- Start-up high-tech experience
- One of the following certifications, or equivalent certifications: CISA, CDPSE, CISSP, CISM, CRISC, etc.
- Experience with risk and controls frameworks including ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, and ISO 31000