Risk Detection & Strategy Lead, Insider Threat

1 Month ago • 5 Years + • Cyber Security • Undisclosed

Job Summary

Job Description

The Risk Detection & Strategy Lead, Insider Threat at ByteDance is responsible for managing and mitigating information security risks within the organization. This involves collaborating with cross-functional teams to develop and implement DLP rules, monitor for suspicious activities using security tools (SIEM, UEBA, EDR), assess and prioritize identified risks, maintain and enhance DLP rules, and communicate findings to stakeholders. The role requires strong data analysis skills, experience with insider threat risks, and proficiency in incident response processes. Responsibilities include developing DLP rules, analyzing user behavior, performing risk assessments, and reporting on threat trends. The ideal candidate will have a Bachelor's degree (preferably in a related field) and at least 5 years of experience with 3 years in team management. Experience with UEBA solutions and threat modeling is preferred.
Must have:
  • DLP rule development & implementation
  • Insider threat detection & analysis
  • Risk assessment & prioritization
  • Stakeholder communication & collaboration
  • Data analysis & reporting
  • 5+ years experience, 3+ years team management
Good to have:
  • Familiarity with data protection regulations
  • Experience with UBA/UEBA solutions
  • Threat modeling experience (STRIDE, PASTA)

Job Details

Responsibilities
About the Company

Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.

Why Join Us

Creation is the core of ByteDance's purpose. Our products are built to help imaginations thrive. This is doubly true of the teams that make our innovations possible. Together, we inspire creativity and enrich life - a mission we aim towards achieving every day. To us, every challenge, no matter how ambiguous, is an opportunity; to learn, to innovate, and to grow as one team. Status quo? Never. Courage? Always. At ByteDance, we create together and grow together. That's how we drive impact - for ourselves, our company, and the users we serve. Join us.

About the Team

The Internal Threat Management team is responsible for managing and mitigating information security risks posed within the organisation. To ensure that the company's risk management and governance strategies are up to date and aligned across the organisation, this team is responsible for regular industry benchmarking and working with stakeholders from cross-functional teams to perform regular risk assessments and align risk mitigation strategies. This team is also responsible for managing the optimization, operation, training, and data analysis of the internal threat platform and UEBA (User and Entity Behavior Analytics) and DLP (Data Loss Prevention) platforms within the company.

Responsibilities

1. Internal Threat Risk Detection & DLP Rule Development:
  • Collaborate with cross-functional teams, including security operations, IT, HR, legal, and business units, to gather requirements for detecting and mitigating internal threats.
  • Develop, implement, and fine-tune DLP rules and policies, aligned with risk appetite, regulatory compliance requirements and industry best practices, focused on preventing insider threats, including data exfiltration, unauthorized access, and policy violations.
  • Work with business teams to identify critical assets, sensitive data, and potential risk areas in workflows, systems, and applications.

2. Monitoring & Identifying Internal Threats:
  • Use security monitoring tools (e.g., SIEM, UEBA, EDR) to detect suspicious activity and potential insider threats such as unauthorized access, privilege abuse, data leakage, and policy violations.
  • Analyze user behavior patterns and identify anomalous activities that may indicate insider threats, including both malicious and negligent behaviors.

3. Risk Assessment & Prioritization:
  • Assess the identified risks from internal threat detection tools and prioritize them based on business impact, severity, and organizational risk appetite.
  • Perform regular risk assessments to ensure DLP rules and internal monitoring mechanisms remain aligned with evolving organizational risks, security posture, and compliance requirements.

4. DLP Rule Maintenance, Tuning, and Enhancement:
  • Continuously monitor and evaluate the effectiveness of existing DLP policies and rules to minimize false positives and enhance detection accuracy.
  • Adjust DLP policies and monitoring rules based on new threat intelligence, evolving internal threat tactics, and changes in business requirements.
  • Stay updated with the latest trends in insider threats, industry best practices, and regulatory changes to ensure that DLP rules and internal monitoring strategies evolve accordingly.

5. Collaboration & Stakeholder Communication:
  • Work closely with internal teams (e.g., HR, Security) to ensure that insider threat detection efforts are aligned with organizational policies, employee rights, and legal requirements.
  • Engage with business stakeholders to understand their concerns, gather insights, and provide risk-related recommendations regarding insider threats.

6. Reporting, Documentation & Continuous Improvement:
  • Document internal threat detection methodologies, DLP policies, and investigation findings to maintain a clear record of risk management activities and responses.
  • Provide regular reports on DLP rule performance, internal threat trends, and the effectiveness of risk mitigation strategies to senior management and key stakeholders.
  • Contribute to the creation and improvement of internal threat management playbooks, response plans, and risk mitigation strategies to ensure organizational resilience.

Qualifications

Minimum Qualifications
  • Bachelor's degree or above, with a preference for majors in Information Security, Computer Science, Information Technology, privacy, risk or a related field. Professional certifications such as CISSP, CISM, CRISC, or CGEIT are highly desirable.
  • Minimum of 5 years of work experience, with at least 3 years of team management experience and a preference for experience in risk management and insider threat programs.
  • Strong experience in data analysis and the ability to extract insights from complex risk data to identify patterns and trends within large datasets, designing hypothetical threat scenarios and testing them against observable data trends.
  • Solid understanding of insider threat risks, including data exfiltration, privilege abuse, policy violations, and insider fraud.
  • Proficiency in incident response processes and working knowledge of security operations procedures.
  • Excellent communication skills, with the ability to articulate technical concepts to both technical and non-technical stakeholders.
  • Proven ability to manage and prioritize multiple projects and tasks.

Preferred Qualifications
  • Familiarity with regulatory requirements related to data protection and internal threat management (e.g., GDPR, CCPA, HIPAA).
  • Experience with the design, implementation and operation of commercial or in-house UBA/UEBA solutions (e.g., Splunk, Exabeam) is highly desirable.
  • Experience with threat modeling methodologies (e.g., STRIDE, PASTA) to analyze and assess security threats within software applications, systems, and networks.

ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
