Technical Program Manager, IT Risk & Compliance 3rd Party & Commercial Integrity

Responsibilities

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.

Why Join Us
Creation is the core of TikTok’s purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy – a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That’s how we drive impact – for ourselves, our company, and the communities we serve.
Join us.

The infrastructure team supports the company’s fast growth by building and operating hyper-scale datacenters, managing the life cycle of the server fleet, providing cloud solutions, and developing various infrastructure services that are scalable and reliable.

Description
Are you a seasoned Risk Management professional? Have you successfully worked with organizations to ensure compliance with international laws, regulations, and standards for third parties and our commercial arrangements with them? If yes, then you may be a great fit in a new and challenging environment where you will be involved in every aspect of Data Center vendor and commercial risk management, globally!

Position Summary
As a Risk & Compliance professional, you are responsible for ensuring Data-System-Infrastructure Engineering procedures and processes comply with regulatory, security and privacy standards (such as ISO 27001, PCI-DSS and GDPR) as they apply to our third party vendors and partners. This role determines whether processes, supplier management and commercial SLAs sufficiently safeguard information, maintain data integrity, and allow organizational goals to be achieved effectively.
Since TikTok provides services on a global scale, this role requires a global view and approach in its day to day operations.

– Adherence to compliance requirements of ISO 27001, PCI-DSS, GDPR and other applicable Federal, State, and international regulations.
– Work with the Infrastructure Engineering team to define and refine a third party risk management framework
– Conduct third party risk assessment for new vendors and existing vendors and provide support at the contractual stage
– Performing internal risk assessments and audits to verify effectiveness of contractual controls and SLAs
– Interacting with external auditors on matters related to audits of the organization’s internal controls.
– Translating non-compliant findings and control requirements into easy-to-understand and actionable items for business and process owners.
– Collaborating with cross-functional teams to facilitate remediation of control gaps.
– Serving as a point-of-contact for violations or non-conformance to regulations, policy, and procedures.
– Developing and maintaining governance, risk, and compliance documentation.
– Leading commercial efforts where prospects request preliminary audits and/or assessments as part of an RFP/RFQ process.
– Translating the complexities of language used in contract law into performative checks.
– Leading Data-System-Infrastructure Engineering informational/training sessions on topics related to compliance and best practice vendor/supplier management
– Effectively presenting information, ideas, and perspective to team members and managers while clearly responding to any questions.
– Efficiently and accurately establish metrics and deliver against them in a robust, validated, consistent and repeatable process
– Develop and manage a third party risk management monitoring and reporting process that tracks third party and commercial risks
– Deliver reporting for all four disciplines of the role: VRM, CRM, Contract Management (CM) and Vendor Management (VM)

Qualifications

Minimum Requirements
– Bachelor’s degree in Business, Risk Management, Supply Chain or relevant field
– A minimum of 5-7 years’ experience in supplier management, as a compliance officer, third party/commercial Risk Manager, or similar position.
– Holds a CRISC qualification
– Outstanding communication and interpersonal abilities
– Strong managerial, planning and communication skills
– A strong delivery and project management background
– Comfortable with understanding legal contractual language
– An excellent understanding of financial, reputational, compliance and operational risk as they pertain to third party vendors and suppliers
– Extensive knowledge of GDPR and PCI-DSS
– Extensive knowledge of ISO 27001 and 31000 standards and their application

Preferred Qualifications
– 10+ years of experience in technology, information security, information risk management, consulting, or a related field.
– CISSP, CCSP, CISA / CISM qualification a plus
– Knowledge in the following areas: Data Centers and their operations, Business Impact Analysis (BIA), Risk Assessment (RA), Asset Management, Incident Response (IR), Business Process Improvement/Reengineering (BPI/BPR)
– Excellent verbal and written communication skills; especially centered around translation of business requirements to technical requirements
– Independently manage multiple priorities and complex program components
– Ensure strong oversight of all third party risks and provide Business Partners visibility of existing and emerging risks
– Build and maintain strong influencing relationships with Business Partners and SMEs such as Commercial teams, Supply and Logistic Management, Legal, Compliance, BCP, Audit and BRCM to improve their understanding of TPRM, and ensure consideration of third party and commercial risk within their own domain frameworks
– Lead / Support other risk function initiatives as the subject matter expert for TPRM
– Ensure Third Party Risk Management activities conform to Regulatory, Group Policy and Local Procedures
– Proactively work with cross functional teams and business partners to identify areas of risk and reduce, mitigate or eliminate third party risk across data sys
– Collaborating on risk management efforts between various risk functions within the Infrastructure Engineering team
– Takes a proactive, self-starter approach, can communicate at all levels, and negotiate with diplomacy

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at dataecommerce.accommodation@tiktok.com

Job Category: Project Management
Job Type: unspecified
Salary: USD 150,000.00 - 238,000.00 per year
Country: United States
City: San Jose
Career Level: unspecified
Company: TikTok
Job Source: https://careers.tiktok.com/position/detail/7290662238079371575