Responsibilities

Team Introduction: Internal Audit is a global function responsible for providing independent assurance and evaluating the company's risk management, governance and internal control processes to determine if they are designed and operating effectively. The Internal Audit team plans and executes audit projects according to our risk-based audit plan by evaluating financial, compliance, operational, and IT processes and controls. We work with business functions in addressing risks and improving the control environment through timely and comprehensive audit work and tracking of remediation actions until completion. Hybrid Work Model: We are back to the office with a hybrid work model, with employees working in the office three days per week. Position Summary: We are looking for an experienced technology audit lead that will contribute to the ongoing development of the Global Technology Audit function and to ByteDance's efforts to enhance its risk management capabilities in support of the company's business objectives. The individual will be part of the Global Technology Audit team and innovative assurance methods to impact and influence positive business outcomes across products such as TikTok and TikTok LIVE. Responsibilities: - Audit Delivery: Lead planning and execution of technology and integrated audits supporting our key businesses, such as trust and safety, AI powered content moderation, product security, and other emerging technologies. Evaluate application security, efficacy of machine learning models, and assess information security risk management in the company's internally built systems and models. - Advanced Data Analytics: Leverage data analytics to detect risk signals and unearth insights. Apply AI technologies/Machine Learning (ML) to develop innovative AI-based audit solutions and perform audit testing. Communicate issues and recommendations to senior management. Collaborate with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis. - Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for TikTok. Develop and maintain subject matter expertise in one or more technology domains. Ability to grasp complex, home grown technology stack, comfortable speaking with engineers and product teams. - Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions. - Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services. - Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

Qualifications

Minimum Qualifications: - Minimum 5 years of relevant experience in Technology Audit, Product Security, Security Engineering or Security Compliance preferably within the technology sector (Social Media, Content Management, FinTech etc.), and/or Big4 consulting. Proven ability to work in a fast-paced environment with a product centric culture. - Strong understanding of security fundamentals across various cyber domains: IAM, applied cryptography, key management systems, data security, application security, web security, security protocols, API Design, threat intelligence, network security, hardware security, vulnerability management, etc. - Background and experience in one or more software or data engineering domains: large scale distributed or parallel systems, microservice architecture, data pipeline, query engines and developing large software systems. - Expertise in implementing or assessing the SDLC process, technology, and automation in a DevOps environment. Familiarity logging technologies, system monitoring, and security event management. - Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements. - Excellent problem solving, critical thinking, collaboration and communication skills combined with the ability to provide a credible technical challenge to the business. Preferred Qualifications: - Solid background and experience working with one or more of the following areas: - Major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java), - Source code and DevOps management tools (e.g., Github, Bitbucket), - Common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25), - SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform), - Database technologies (e.g., SQL, Oracle, SQL Server, MongoDB, Couchbase, Elasticsearch), - Professional certifications such as CISSP, CISM, GIAC, CCNA, CISA, CRISC, or CIA. - Experience working in a global organization and managing projects across different time zones. - Be able to handle ambiguity and collaborate with a global team. - Passion for emerging technologies, products and standards.

Job Information