TikTok is seeking a Compliance Analyst to be part of the USDS Security Risk and Compliance team. The role will have a significant impact on mitigating security and compliance risk, and maturing USDS operations to meet its compliance objectives.
Responsibilities
Compliance:
- Understand USDS compliance requirements, including data security and data governance, and be able to answer business-driven on-call inquiries and deliver feedback to enable compliance operations.
- Drive compliance assessments and identify compliance risks and mitigations for new product and feature launches.
- Act as a compliance advisor and partner to enable business operations and Security and Privacy groups by assisting them in the implementation of data security, compliance requirements, and information security technologies.
- Identify security and compliance risks to the business units and ensure appropriate data security procedures are implemented in projects and technology.
Program Management:
- Deliver strong customer service to your global business stakeholders, including responsiveness, follow-through and clear communication.
- Develop and measure KPIs derived from business-driven on-calls to help manage team performance and key compliance risks that can impact organizational compliance and regulatory requirements.
- Use technology to develop automated mechanisms for responding to business inquiries more efficiently.
- Utilize case management systems to track business inquiries and compliance assessments.
Minimum Qualifications
- Experience with regulatory compliance requirements and implementing data security and governance programs.
- Experience identifying compliance or privacy risks for new product/feature launches.
- Ability to collaborate with global engineers and product managers on product/feature launches.
- Experience with case management tools or on-call management and ability to respond to compliance- or security-driven inquiries.
- Experience conducting data-driven compliance assessments, including analyzing data fields and complex data flows.
- Ability to collaborate with operations teams, communicate technical concepts to a broad range of technical and non-technical staff, and provide compliant solutions.
- Demonstrates excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal relations; 3-5+ years applicable experience.
Preferred Qualifications
- Start-up experience.
- Experience with GDPR reporting, privacy reporting, or regulatory compliance reporting.
- CISSP / CISA / CISM.
- Experience with case management tools or GRC platforms (JIRA, Archer).
- Experience with risk and controls frameworks including ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, and ISO 31000.