Insider Risk Specialist, Security Governance and Compliance

Location:

Singapore

Team:

Security

Employment Type:

Regular

Job Code:

A81144

Responsibilities

About the Team

The team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for working with stakeholders from cross-functional teams to perform regular risk assessments, designing and implementing risk mitigation controls. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

Responsibilities

• Develop and maintain the organization's insider risk security governance framework, including risk scenario mapping to controls, policies, procedures, and standards that align with industry best practices and regulatory requirements. Such framework must be sufficiently detailed to allow ease of execution with clarity in roles and responsibility amongst stakeholders.
• Communicate the insider threat governance framework to key stakeholders and build effective collaboration models with stakeholders with clear roles and responsibilities, transparent tracking of metrics and seamless management reporting.
• Conduct regular security risk assessments to identify risk trends, vulnerabilities and alert patterns, and work with relevant departments to develop mitigation and remediation strategies.
• Monitor and report on the effectiveness of security controls and the status of security risks to senior management. Communicate risk assessment and trend analysis findings, risks and gaps to both technical and non-technical program stakeholders.
• Coordinate with IT and business units to ensure insider threat security measures are integrated into technology projects and business processes.
• Identify and garner the support of internal and external stakeholders to collaborate on driving change, including risk remediation and leading parties involved to meet risk remediation objectives.
• Translate business and technology requirements into relevant insider threat rules for operational teams to implement
• Stay abreast of the latest security trends, threats, and technologies to continuously improve the organization's insider threat security posture.
• Conduct analysis of large complex datasets involving insider risks, track metrics and identify gaps and vulnerabilities
• Understanding emerging insider risks to build and improve proactive threat detection.

Qualifications

Minimum Qualifications

• Bachelor's degree or above, with a preference for majors in Information Security, Computer Science, Information Technology, privacy, risk or a related field. Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.
• Minimum of 5 years of work experience, with a preference for experience in DLP (Data Loss Prevention), UEBA (User and Entity Behavior Analytics), or security platforms-related work.
• Experience with security risk assessment methodologies and tools.
• Skilled in creating and maintaining risk registers, developing risk treatment plans, and effectively communicating risk posture to stakeholders at all levels of the organization.
• Self-driven and results-oriented, enjoys challenging tasks, demonstrates enthusiasm for work, and can handle job pressures.
• Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels.
• Proven ability to manage and prioritize multiple projects and tasks.

Preferred Qualifications

• Hands on in-house experience with designing, implementation and operation of commercial or in-house UBA/UEBA solutions (e.g., Splunk, Exabeam) are highly desirable
• Experience with threat modeling methodologies (e.g., STRIDE, PASTA) to analyze and assess security threats within software applications, systems, and networks.

Job Information

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join ByteDance

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

Diversity & Inclusion

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.