About the Company
Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Helo, and Resso, as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.
Why Join Us
Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible.
Together, we inspire creativity and enrich life - a mission we aim towards achieving every day.
To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo Never. Courage Always.
At ByteDance, we create together and grow together. That's how we drive impact - for ourselves, our company, and the users we serve.
Join us.
About the Team
The Internal Security Risk Management & Governance team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) platform within the company.
Responsibilities
The Internal Security Risk Management & Governance Analyst will research industry best practices and technologies, then work with stakeholders from various cross-functional teams to develop strategies to mitigate the potential impact of risk materialisation. Based on formulated strategies, assist in the development and implementation of policies, procedures, and controls to prevent, detect, and respond to various risks that could impact the confidentiality, integrity, and availability of the organization's systems, data, and other critical assets.
- Perform Internal Security risk assessment; Identify and assess potential information security risks posed within the organization and the existing policies/procedures/controls mitigating such risks.
- Assess and develop overall mitigation strategies across the company to minimize the impact of relevant incidents.
- Research industry best practices and technologies, perform industry benchmarking and gap analyses.
- Develop and implement internal security risk management programs (e.g. comprehensive audit loggings, insider threat detections, privileged access management & governance), procedures, and controls to prevent, detect, and respond to relevant incidents.
- Operate insider threat detection programs and manage business stakeholders to design programs based on business understanding and risk scenarios.
- Work with stakeholders from engineering, SecOps, IT, legal, HR, Ethics to ensure that all aspects of internal information security risk are addressed.
Minimum Qualifications
- Bachelor's degree in a relevant field, such as information security, risk management, or business administration.
- At least 2 years of experience in a similar role, with a proven track record of managing internal security risk and consultancy experience.
UEBA and DLP system implementation and operation experience
- Solid problem solving skills, a strong inclination towards independent learning, and a team-oriented mindset.
- Strong written/verbal communication and excellent teamwork skills with the ability to interact effectively with stakeholders at all levels of the organization; strong analytical and problem-solving skills.
- Self-driven and results-oriented, enjoys challenging tasks, demonstrates enthusiasm for work, and can handle job pressures.
Preferred Qualifications
- Experience with using big data to generate insights
- Experience with building strong data infrastructure to support future deep data analytics
- Applied behavioral science in support of building insider threat use cases
- Experience developing and implementing internal security risk management policies, procedures, and controls. Knowledge of risk assessment methodologies and tools.
ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
