Enterprise Security Risk Manager

1 Month ago • 5-8 Years • Cyber Security • $147,200 PA - $374,400 PA

Job Summary

Job Description

The Enterprise Security Risk Manager at ByteDance will develop, implement, and maintain a comprehensive cybersecurity risk management framework for IT. Responsibilities include managing the security risk lifecycle, creating and maintaining a Risk Register, collaborating with risk owners, overseeing vulnerability remediation, ensuring compliance, and presenting executive reports. The ideal candidate will have at least 5 years of GRC experience in cybersecurity, proven experience collaborating with security teams, and exceptional communication skills. The role requires on-site work in San Jose with potential international travel.
Must have:
  • 5+ years GRC experience in cybersecurity
  • Develop cybersecurity risk management frameworks
  • Collaborate with security & IT teams
  • Manage security risk lifecycle
  • Exceptional communication skills
  • Compliance and executive reporting
Good to have:
  • GRC technologies
  • Implementing technical security controls
  • CISM, CISA, CISSP, or other relevant certifications
Perks:
  • Medical, dental, and vision insurance
  • 401(k) savings plan with company match
  • Paid parental leave
  • Paid holidays, sick days, and personal time

Job Details

Responsibilities
Team Introduction: The IT Security team plays a pivotal role in safeguarding ByteDance's global office network and IT infrastructure. We work closely with cross-functional partners to manage security risks and ensure compliance with industry cybersecurity standards and government regulations. Our responsibilities include managing security risks, developing governing policies, implementing security control frameworks, and driving remediation efforts within the IT scope. Responsibilities: - Developing, implementing and maintaining a comprehensive Cybersecurity Risk Management framework for IT, based on industry best practices (including ISO 31000, ISO 27005, and NIST 800-39). - Establishing scalable processes and procedures for managing the security risk lifecycle, including risk identification, assessments, remediation, and continuous monitoring. - Creating and maintaining a Risk Register based on business requirements, consistently tracking, re-assessing and updating risks while providing leadership with data-driven insights on security trends. - Managing exception and acceptance processes to evaluate residual risks, balancing security gaps, compensating controls, and business risk tolerance. - Collaborating with risk owners to ensure that risk mitigation plans are developed, tracked, and completed on time, while regularly reporting on remediation progress. - Work closely with security engineers, IT teams and XFN stakeholders to implement technical security controls, enhance security configurations, and remediate high-risk vulnerabilities. - Oversee vulnerability identification, assessment, and remediation efforts, ensuring that security patches and updates are applied effectively to minimize risk exposure. - Ensure adherence to compliance standards by facilitating audits, developing governance policies, implementing security control frameworks, and conducting risk assessments. - Preparing and presenting regular executive reports on security risks and compliance status, and remediation progress to leadership, providing strategic insights into the current landscape.
Qualifications
Minimum Qualifications: - At least 5 years of experience in Governance, Risk, and Compliance (GRC) within the cybersecurity industry. - A minimum of 3 years of experience in cybersecurity risk management, including developing cybersecurity risk management frameworks, processes for security risk lifecycle management and Risk Register. - Proven experience collaborating with security teams (incident response, red teams, architects, engineers) to incorporate cybersecurity controls and risk management into day-to-day operations. - A team player and motivated self-starter, resourceful with the ability to collaborate effectively with multiple stakeholders across XFN teams, business lines, and regions. Comfortable engaging in cross-regional meetings. - Exceptional verbal and written communication skills, with the ability to translate complex technical concepts into business language. - Strong project management skills with the ability to lead and execute security risk remediation and compliance projects and initiatives on time with multiple stakeholders - Ability to work on-site at ByteDance offices 5 days a week and willingness to travel to international locations as needed to support business needs. Preferred Qualifications - Minimum of 5 years experience related to working on projects and teams related to security risk management, audit, compliance, information security, or other related fields - Familiarity with Governance, Risk, and Compliance (GRC) technologies - Experienced in implementing technical security controls with XFN teams - CISM, CISA, CISSP, CCSP, CASP, ISO27001 Lead Implementer/Audit, Security+, CRISC, CGEIT, GSEC, or other relevant certifications
Job Information
【For Pay Transparency】Compensation Description (Annually)

The base salary range for this position in the selected city is $147200 - $374400 annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and restricted stock units.

Benefits may vary depending on the nature of employment and the country work location. Employees have day one access to medical, dental, and vision insurance, a 401(k) savings plan with company match, paid parental leave, short-term and long-term disability coverage, life insurance, wellbeing benefits, among others. Employees also receive 10 paid holidays per year, 10 paid sick days per year and 17 days of Paid Personal Time (prorated upon hire with increasing accruals by tenure).

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.

For Los Angeles County (unincorporated) Candidates:

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Our company believes that criminal history may have a direct, adverse and negative relationship on the following job duties, potentially resulting in the withdrawal of the conditional offer of employment:

1. Interacting and occasionally having unsupervised contact with internal/external clients and/or colleagues;

2. Appropriately handling and managing confidential information including proprietary and trade secret information and access to information technology systems; and

3. Exercising sound judgment.

About Us

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join ByteDance

Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.

As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.

Diversity & Inclusion

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.

Reasonable Accommodation

ByteDance is committed to providing reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs or other reasons protected by applicable laws. If you need assistance or a reasonable accommodation, please reach out to us at

Similar Jobs

Thales - NOC Engineer

Thales

Rehovot, Center District, Israel (Hybrid)
3 Weeks ago
nextgen-clearing - DevOps Engineer

nextgen-clearing

Mumbai, Maharashtra, India (On-Site)
3 Months ago
bytedance - Software Engineer Intern (Network Engineering) - 2025 Summer (PhD)

bytedance

San Jose, California, United States (On-Site)
7 Months ago
Anavation LLC - Security Engineer

Anavation LLC

Washington, District Of Columbia, United States (On-Site)
2 Weeks ago
limit break - Senior Site Reliability Engineer

limit break

Tokyo, Japan (On-Site)
9 Months ago
PwC - ETIC, Cybersecurity Graduate Program (German Speaker)

PwC

Cairo, Cairo Governorate, Egypt (On-Site)
7 Months ago
OpenText - Software Security Research

OpenText

Bengaluru, Karnataka, India (On-Site)
8 Months ago
PwC - Associate_Advisory_IA_GRC_Risk Consulting_Mumbai

PwC

Mumbai, Maharashtra, India (On-Site)
8 Months ago
Ion - Intermediate IT Auditor, Italy

Ion

Collecchio, Emilia-Romagna, Italy (On-Site)
7 Months ago
bytedance - Software Engineer, Data Security

bytedance

San Jose, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Daxko - Senior Application Security Engineer

Daxko

Birmingham, Alabama, United States (Remote)
3 Months ago
Sony Pictures Entertainment - Sr. Engineer, Information Security

Sony Pictures Entertainment

Culver City, California, United States (On-Site)
3 Days ago
warner bros games - Senior Software Engineer

warner bros games

Hyderabad, Telangana, India (Hybrid)
3 Months ago
ManyChat - Lead Cyber Operations Engineer

ManyChat

Barcelona, Catalonia, Spain (Hybrid)
3 Days ago
Barracuda Networks Inc - Cybersecurity Engineer

Barracuda Networks Inc

Chelmsford, Massachusetts, United States (Hybrid)
2 Months ago
Egnyte - Senior Cloud Security Engineer

Egnyte

Poznań, Greater Poland Voivodeship, Poland (Remote)
3 Weeks ago
Roofstacks - Senior Platform Engineer

Roofstacks

Istanbul, İstanbul, Türkiye (On-Site)
3 Months ago
Vercel - Engineering Manager, Security Operations

Vercel

San Francisco, California, United States (Hybrid)
2 Weeks ago
Fortra - Technical Partner Alliance Manager

Fortra

United States (On-Site)
2 Weeks ago
Loft Orbital - Senior Security Engineer

Loft Orbital

France (Remote)
1 Week ago

Get notifed when new similar jobs are uploaded

Jobs in San Jose, California, United States

Biofire DX - Logistics Coordinator - Night Shift

Biofire DX

Durham, North Carolina, United States (On-Site)
3 Weeks ago
Crunchyroll - Principal Technical Program Manager

Crunchyroll

Dallas, Texas, United States (Hybrid)
3 Weeks ago
Epic Games - Senior Tools Programmer - Interoperability

Epic Games

Cary, North Carolina, United States (On-Site)
2 Months ago
Google - Senior Software Developer, Site Reliability Engineering, Google Cloud

Google

San Francisco, California, United States (On-Site)
5 Months ago
bytedance - Software Developer Graduate (Routing Verification & Emulation)

bytedance

San Jose, California, United States (On-Site)
2 Months ago
The Walt Disney Company - Senior Machine Learning Engineer - Ad Platforms

The Walt Disney Company

Santa Monica, California, United States (On-Site)
1 Month ago
Tencent - Senior Strategic Sales Executive

Tencent

California, United States (On-Site)
3 Months ago
Qualcomm - Physical Design Engineer

Qualcomm

San Diego, California, United States (On-Site)
1 Week ago
The E.W. Scripps Company - Account Executive, Political (Digital & OTT)

The E.W. Scripps Company

Washington, District Of Columbia, United States (Hybrid)
2 Weeks ago
Clear Watery Analytics - Subject Matter Expert - Professional Services

Clear Watery Analytics

Boise, Idaho, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Ion - Senior Security Architect

Ion

London, England, United Kingdom (On-Site)
7 Months ago
PwC - IN-Senior Associate_SmartCitiesGIS _Cities_Advisory _Ahmedabad/Mumbai/Delhi

PwC

Ahmedabad, Gujarat, India (On-Site)
5 Months ago
Granicus - Senior Security Analyst

Granicus

Bengaluru, Karnataka, India (Hybrid)
7 Months ago
Netflix - Security Engineering, Security Incident Response

Netflix

Warsaw, Masovian Voivodeship, Poland (On-Site)
4 Months ago
PwC - Senior Consultant - RDC TC MSOFT

PwC

Kolkata, West Bengal, India (On-Site)
8 Months ago
PwC - Information Protection Consultant (Doorlopend)

PwC

Amsterdam, North Holland, Netherlands (On-Site)
4 Months ago
bytedance - Software Engineer, Security Operation Center

bytedance

San Jose, California, United States (On-Site)
1 Month ago
Ion - Markets Product Security Engineer - UK

Ion

London, England, United Kingdom (On-Site)
7 Months ago
PwC - Guidewire Developer

PwC

Johannesburg, Gauteng, South Africa (On-Site)
6 Months ago
FCM Travel - Team Lead, IS Security Lead- Asia

FCM Travel

Bengaluru, Karnataka, India (On-Site)
8 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

San Jose, California, United States (On-Site)

Tokyo, Japan (On-Site)

Taguig, Metro Manila, Philippines (On-Site)

San Jose, California, United States (On-Site)

Ho Chi Minh City, Vietnam (On-Site)

San Diego, California, United States (On-Site)

View All Jobs

Get notified when new jobs are added by bytedance

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug