
Governance, Risk, & Compliance Services Manager - USDS

Job in New York City, Richmond County, New York, USA
Listing for: TikTok
Full Time position
Listed on 2026-01-15
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, Information Security, Data Security
Job Description & How to Apply Below
Position: Governance, Risk, & Compliance Services Manager - USDS
TikTok is seeking a Governance, Risk, & Compliance ("GRC") Services Lead to be part of the US Security & Privacy Risk and Compliance team. This role will have a significant impact on mitigating regulatory compliance risk and maturing GRC operations. The primary focus of this role will be to strategically elevate three Risk & Compliance services:
1) Controls & Certifications
2) Policy Management
3) Third-Party Risk Management

The GRC Services Lead must have a "business first" mindset, working to achieve levels of maturity and efficiency without sacrificing compliance.

Responsibilities include but are not limited to:

* Partner with Controls & Certifications, Policy Management, and Third-Party Risk Management ("TPRM") team leads to oversee day-to-day operations

* Quickly understand current ways of working to identify maturity and efficiency gaps for each service

* Develop strategic plans and underlying OKRs to achieve these initiatives

* Challenge the status quo of manual operations and work to implement technology-driven solutions to achieve greater coverage (i.e., control testing) and lower manual efforts (i.e., policy development, TPRM assessments)

* Partner across the Security & Privacy organization and business teams to proactively align GRC operations to changing business priorities and objectives; work closely with business teams to develop ongoing compliance testing strategies

* Develop metrics and reporting to communicate business initiatives and risks to the broader security and compliance organization

* Collaborate with compliance assurance and compliance reporting functions to support regulatory reporting initiatives

Minimum Qualifications:

* Experience managing multiple teams and services to align them to consistent objectives, and the ability to develop talent

* Experience performing internal/external control testing as a security control assessor, or supporting security compliance as an internal compliance resource for physical and cloud infrastructure

* Experience in gathering technical control evidence from stakeholders, coordinating review, and analyzing artifacts received to ensure they meet the intent of the control requirements and demonstrate compliance

* Expert knowledge of IT and security control frameworks (e.g., NIST-CSF, NIST 800-53, PCI-DSS, CIS Security Controls, ISO 27001, ISO 27017, etc.)

* Excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal skills while proactively seeking input

* Ability to collaborate with operations and engineering teams, easily partner and forge relationships with cross-functional teams and stakeholders, communicate technical concepts to a broad range of technical and non-technical staff, provide compliant solutions, and communicate appropriately to a wide range of audiences, with a collaborative mindset

* Familiarity with the use of modern GRC tooling (i.e., Archer, ServiceNow)

Preferred Qualifications:

* Start-up high-tech experience

* One of the following certifications, or equivalent certifications: CISA, CDPSE, CISSP, CISM, CRISC, etc.

* Experience with risk and controls frameworks, including ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, ISO 31000, etc.