Senior Data Security Compliance Specialist, Information Security

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

The team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for working with stakeholders from cross-functional teams to perform regular risk assessments, designing and implementing risk mitigation controls. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

• Conduct periodic data security assessments to evaluate the efficacy of existing protective measures and identify areas for enhancement. Perform comprehensive reviews of all data processing activities (e.g., data collection, storage, transmission) to identify potential security vulnerabilities and formulate risk mitigation strategies.
• Design, implement, and maintain robust data security solutions, including sensitive data classification frameworks, data loss prevention (DLP) systems, and access control mechanisms. Utilize Security information and event management (SIEM) tools to monitor for real-time security threats and anomalies, ensuring prompt identification of potential risks.
• Conduct thorough root-cause analyses of security incidents, maintain detailed documentation of investigation processes, and develop actionable recommendations to prevent recurrence.
• Establish key performance indicators (KPIs) to monitor and ensure adherence to established security policies and industry standards. Develop pragmatic solutions to address identified security risks and fulfill compliance requirements.
• Research emerging data security technologies and industry trends (e.g., AI-driven threat detection) to recommend innovative protective solutions that enhance organizational security posture.

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Minimum of 5 years of hands-on experience in data security, with a demonstrated focus on implementing and managing data protection solutions.
• Proficiency in programming languages (Python, SQL) and scripting tools for security automation and data analysis. Strong analytical capabilities to interpret security logs and identify latent threats.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across cross-functional teams and deliver clear, concise training materials.

• Proven experience in deploying and administering DLP tools and encryption technologies, with a comprehensive understanding of their operational implementation.
• Professional certifications such as CISSP, CISA, or CRISC are highly desirable.