Job Description

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Helo, and Resso, as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content. The infrastructure team supports the company's fast growth by building and operating hyperscale datacenters and a vastly distributed global EDGE network. To support fast growth and manage the massive content on the platform, ByteDance's infrastructure team is building hyper-scale datacenters and a widely distributed Global EDGE and Content Distribution Networks (CDNs). The team also manages the life cycle of server fleet, resource allocation, creates various integrated cloud-based solutions, and provides infrastructure services.The Regional IT Risk & Compliance Manager, APAC, Middle-East and Africa will work across teams at ByteDance to continue building an IT regulatory compliance program, focusing on emerging requirements in Privacy, Data protection, SOC2, ISO 27001, and regional telecom regulatory frameworks. The individual in the role will manage continuous improvement efforts and remediation plans to improve efficiency and effectiveness of IT, regulatory, data, security, and privacy controls in the EDGE / CDN Infrastructure space.Responsibilities- Provide governance and oversight of IT security compliance for ByteDance EDGE Infrastructure.- Conduct audits to identify compliance risks and develop remediation plans.- Work in legal, GR, PR and other cross-functional teams to help in conduct risk assessments for expansion of EDGE / CDN infrastructure into new geographies. - Develop policy, procedure, and process to ensure that IT controls are compliant with regulations and ByteDance policies.- Act independently to ensure that compliance issues within the organization are being resolved.- Develop and conduct audits of IT practices to identify policy violations.- Collaborate with cross-functional teams to facilitate remediation of compliance gaps.- Serve as a point-of-contact for violations of regulations, policy, and procedures.- Develop and maintain governance, risk, and compliance documentation.- Serve as a SME on privacy, Data protection regulations and advise employees and management on privacy laws and specifications (e.g., GDPR, CCPA).- Develop and oversee user security awareness and compliance training programs. - Work with Engineering and other Cross-functional teams in creating / maintaining the Standard Operating procedures (SOPs) for compliance requirements. Qualifications- BA/BS degree, preferably in Risk Management, Business, Finance, or other quantitative field.- 8+ years of corporate risk management, consulting, or related experience- Hands on experience in privacy and data protection laws and regulations (GDPR, PCI-DSS, HIPAA).- Hands on experience in IT controls frameworks (NIST, ISO 270xx, SOC2, CIS).- General knowledge of IT systems (applications, operating systems, databases, infrastructure).- Experience working in AWS, Azure, Oracle, or GCP Cloud environments.
Not Specified