Risk Analyst - USDS jobs in United States

TikTok · 15 hours ago

Risk Analyst - USDS

TikTok is the leading destination for short-form mobile video, and they are seeking a Risk Analyst to manage security compliance in accordance with US compliance requirements. The role involves partnering with risk owners, supporting risk quantification improvements, and preparing executive leadership risk reporting.

Content Creators, Content Discovery, Media and Entertainment, Social Media, Video
H1B Sponsor Likely

Responsibilities

Partner with Risk Owners to manage Security and Compliance related risks in the risk register throughout the risk lifecycle in accordance with leading industry frameworks
Support development and implementation of risk quantification improvements to scale and mature current risk program operations
Drive risk mitigation by building risk treatment plans and KRIs to monitor risk
Prepare inputs for executive leadership risk reporting providing data-driven insights on top security and compliance risks measured against thresholds to drive decision-making
Partner with business teams to analyze risk exceptions and drive remediation efforts

Qualification

GRC functions, Risk Quantification, Enterprise Risk Management, FAIR model, ISO 31000, Technical Security Knowledge, GRC tooling, Programming Skills, Startup Experience, Certifications, Problem-solving, Teamwork, Time Management, Collaboration, Communication Skills, Organizational Skills

Required

2+ years applicable experience in relevant GRC functions (Security Risk Management) and implementing industry frameworks and technical programs including: Risk Quantification, FAIR model, ISO 31000
Exhibits strong organizational skills, effective time management, problem-solving abilities in an ambiguous environment, and exceptional teamwork and collaboration skills, particularly in leading or contributing to global and multi-functional teams
Experience identifying and managing security, compliance and enterprise risks in the register throughout the lifecycle
Experience implementing and operating an Enterprise Risk Management program
Basic technical knowledge of the tech stack, architecture, and technical security domains (e.g. SDLC, Identity and Access Management, Supply Chain) with the ability to clearly explain complex technical concepts to a non-technical audience

Preferred

Excellent knowledge of industry standard frameworks and experience implementing programs aligned to an industry framework (FAIR, ISO 31000, ISO 27005, and NIST 800-39)
Programming skills to develop tools and automate processes for risk monitoring and analysis based on operational data and KRI/KPIs
Competent in the usage of modern GRC tooling (Archer, ServiceNow)
Startup experience
CISM, CISA, CISSP, CCSP, CASP, ISO27001 Lead Implementer/Audit, Security+, CRISC, CGEIT, GSEC, or other relevant certifications

Benefits

Employees have day one access to medical, dental, and vision insurance
A 401(k) savings plan with company match
Paid parental leave
Short-term and long-term disability coverage
Life insurance
Wellbeing benefits
10 paid holidays per year
10 paid sick days per year
17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure)

Company

TikTok is a short-form video entertainment app and social network platform. It is a sub-organization of ByteDance.

H1B Sponsorship

TikTok has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (979)
2024 (601)
2023 (387)
2022 (322)
2021 (133)
2020 (72)

Funding

Current Stage
Late Stage

Leadership Team

N Ali Mohamed
CEO
Blake Chandlee
VP Global Business Solutions
Company data provided by crunchbase