
Third Party Risk & Issues Analyst

Various (NY, Mountain View CA, etc.)

Job Type

Full Time



Application Deadline

September 23, 2023

About the Role

TikTok is seeking a Third Party Risk and Issues Analyst to be part of the USDS Security Risk and Compliance team. The USDS Third Party Risk Management (TPRM) mission is to identify and evaluate the risks associated with new and existing Third Party relationships, contracting, solutions, projects and engagements for TikTok United States Data Security (USDS), so that the lines of business can make well-informed, risk-based decisions that support business objectives and maintain leading security practices.
You will play a direct and vital role in day-to-day Vendor Program Operations, Risk and Compliance assessments, resolution & issues management, monitoring & re-assessment, and Third Party Metrics & Inventory. Responsibilities include but are not limited to:
- Coordination between TPRM, Procurement, and Legal operations pertaining to vendor lifecycle management, contract clauses verification and compliance assessment procedures
- Technical writing and communication between cross-functional teams and Non-USDS lines of business
- Vendor compliance screening assessments validation
- Vendor security risk assessment reporting for authorized and rejected vendors
- Unresolved findings and vulnerability management coordination between applicable internal teams
- USDS TPRM standard operating procedure enhancements pertaining to emerging threats and USDS Vendor Program policy requirements
- Security standard control validations and audit validations pertaining to overall USDS TPRM program and process
- Assessment lifecycle management and dashboard reporting
- Vendor lifecycle (onboarding, ongoing and offboarding) management coordination between Procurement, Business Units (BUs) and Legal teams
- Site visit assessment coordination, assessment (physical and remote) and reporting


- Bachelor’s degree in risk or equivalent privacy, security, compliance, project management, or like discipline from an accredited college or university or measurable knowledge/experience from proven industry, military, defense, or government operations.
- 5+ years of third party risk management or related security experience
- Fundamental understanding and direct experience partnering with Procurement and Legal functions
- Technical writing and verbal communication skills that enable executive reporting
- Supply Chain Risk management experience related to software and hardware solutions/tooling
- Findings and vulnerability management experience related to the resolution and/or remediation of web vulnerabilities, bugs and cybersecurity vulnerabilities
- Critical thinking and analytical decision making to forecast issues, events and/or risks pertaining to TPRM
- Contract clause verification pertaining to security, privacy and business resilience controls
- Vendor Screening and due diligence validation
- TPRM policy development, enhancement and awareness

About the Company

TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo.
