Privacy Engineering Lead - USDS

About TikTok U.S.Data Security
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe. Our focus is on providing oversight and protection of the TikTok platform and U.S. user data, so millions of Americans can continue turning to TikTok to learn something new, earn a living, express themselves creatively, or be entertained. The teams within USDS that deliver on this commitment daily span across Trust & Safety, Security & Privacy, Engineering, User & Product Ops, Corporate Functions and more.

Why Join Us
Creation is the core of TikTok's purpose. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible.
Together, we inspire creativity and bring joy - a mission we all believe in and aim towards achieving every day.
To us, every challenge, no matter how difficult, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always.
At TikTok, we create together and grow together. That's how we drive impact - for ourselves, our company, and the communities we serve.
Join us.

The security team is missioned to run and operate security infrastructures, platforms and technologies, as well as to support cross-functional teams to protect our users, products and infrastructures. In this team you'll have a unique opportunity to have first-hand exposure to the strategy of the company in key security initiatives, especially in deploying and maintaining scalable and secure-by-design systems and solutions. Our challenges are not your regular day-to-day technical problems; you'll be part of a team that's developing new solutions to new challenges of a kind not previously addressed by big tech. It's working fast, at scale, and we're making a difference.

In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.

Responsibilities:
- Initial triage and fact identification: for every incident initial triage occurs to understand what has happened in order to assess the scope of impact. As part of triage, facts/evidence about the incident are uncovered.
- Review/understand what happened: all incidents will be reviewed to understand what happened and ensure that the root cause and contributing factors are identified and documented.
- Identify incident trends and common root causes to ensure that frameworks and processes are put in place to eliminate entire classes of incidents.
- Design and implement cross-organizational processes to triage, remediate, and postmortem internal and external privacy incidents across TikTok.
- Improve the efficacy and transparency of the Privacy Incident Response Program and create strong and scalable processes.
- Routinely publish reports and presentations to leadership.
- Identify patterns, propose solutions, and drive implementations to prevent issues from recurring.
- Build relationships and trust with influencers and drive programs with compassion and integrity.
- Explore new and enhance existing cross-functional collaboration.Qualifications:
- Bachelor’s degree in Computer Science, Mathematics, technical field, or equivalent practical experience.
- 5 years of experience working within the privacy incident response or similar teams, experience managing privacy or security incidents.
- 5 years of experience managing direct reports.
- Excellent in identifying process gaps, measuring progress, and balancing engineering and product efficiency with process overhead.
- Strategic problem solver with excellent legal and business judgment including demonstrated experience assessing information for risk mitigation opportunities.
- Excellent communication skills, with the ability to represent and advocate for complex business or technical concepts with senior leadership.
- Ability to communicate effectively with all levels of the organization.
- Ability to operate in ambiguous situations while bringing clarity.
- Strong team leadership and management skill, experience managing small to medium sized teams, demonstrated experience managing both over and under performing team members.
- Information Security, technology or engineering Bachelor’s degree preferred. Juris Doctorate is a bonus
- Oversee comprehensive USDS privacy compliance and privacy program governance (e.g., define operating model, capabilities, reporting, and metrics, etc.) in alignment with enterprise policies and standards

Preferred Qualifications:
- CIPP/EU/M, CIPT, CIPM, or equivalent certification preferred.
- Juris Doctorate, or Information Security, technology or engineering Bachelor’s degree preferred.

TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At TikTok, our mission is to inspire creativity and bring joy. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

TikTok is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at usds.accommodations@tiktokusds.com

This role requires the ability to work with and support systems designed to protect sensitive data and information. As such, this role will be subject to strict national security-related screening.