Technology Internal Audit Lead

Team Introduction:

Internal Audit is a global function responsible for providing independent assurance and evaluating the companys risk management, governance and internal control processes to determine if they are designed and operating effectively. The Internal Audit team plans and executes audit projects according to our risk-based audit plan by evaluating financial, compliance, operational, and IT processes and controls. We work with business functions in addressing risks and improving the control environment through timely and comprehensive audit work and tracking of remediation actions until completion.

In-Office Work Model:

We are back to the office full-time.

Position Summary:

We are looking for an experienced technology audit lead that will contribute to the ongoing development of the Global Technology Audit function and to ByteDances efforts to enhance its risk management capabilities in support of the companys business objectives. The individual will be part of the Global Technology Audit team and utilize innovative assurance methods to impact and influence positive business outcomes across products and processes, such as Ads Monetization, TikTok, and TikTok Shop.

Responsibilities:

• Audit Delivery: Lead planning and execution of technology and integrated audits supporting our key businesses, such as Ads Monetization and TikTok Shop, AI powered content moderation, product security, and other emerging technologies. Evaluate application security, efficacy of machine learning models, and assess information security risk management in the companys internally built systems and models.

• Advanced Data Analytics: Leverage data analytics to detect risk signals and unearth insights. Apply AI technologies/Machine Learning (ML) to develop innovative AI-based audit solutions and perform audit testing. Communicate issues and recommendations to senior management. Collaborate with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis.

• Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for TikTok. Develop and maintain subject matter expertise in one or more technology domains. Ability to grasp complex, home grown technology stack, comfortable speaking with engineers and product teams.

• Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions.

• Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services.

• Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

Minimum Qualifications:

• 5+ years of relevant experience in Technology Audit, Product Security, Security Engineering or Security Compliance within the technology sector (Social Media, Content Management, FinTech etc.), and/or consulting.
• Proven ability to work in a fast-paced environment with a product centric culture.
• Strong understanding of security fundamentals across various cyber domains: IAM, applied cryptography, key management systems, data security, application security, web security, security protocols, API Design, threat intelligence, network security, hardware security, vulnerability management, etc.
• Background and experience in one or more software or data engineering domains: large scale distributed or parallel systems, microservice architecture, data pipeline, query engines and developing large software systems.
• Experience in implementing or evaluating technology and automation in a DevOps environment.
• Knowledge of logging technologies, system monitoring, and security event management.
• Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
• Excellent problem solving, critical thinking, collaboration and communication skills combined with the ability to provide a credible technical challenge to the business.
• Language Skills: Conversational Mandarin is required for this role. This is essential due to collaborating with global partners, including teams based in Mandarin-speaking countries. These interactions include participating in meetings/corresponding in chats that are conducted in Chinese, as well as reviewing systems and documents that are written in Chinese.

Preferred Qualifications:

• Solid background and experience working with one or more of the following areas:
• Major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java)
• Source code and DevOps management tools (e.g., Github, Bitbucket)
• Common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25)
• SaaS and IaaS cloud platforms (e.g., AWS, Google Cloud Platform)
• Database technologies (e.g., SQL, Oracle, SQL Server, MongoDB, Couchbase, Elasticsearch)
• Professional certifications such as CISSP, CISM, GIAC, CCNA, CISA, CRISC, or CIA
• Experience in the digital advertising and/or E‑commerce domain
• Experience working in a global organization and managing projects across different time zones
• Passion for emerging technologies, products and standards