InfoSec & Incident Response Counsel - USDS
TikTok.com
Office
Los Angeles, California, United States
Full Time
Team Intro:
The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross-functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security.
We are seeking a counsel to lead our legal response to information security incidents and support broader security compliance initiatives. This attorney will work closely with our Product, Privacy, Security, and Public Policy teams to strengthen incident response readiness, ensure regulatory compliance, and safeguard user trust.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Responsibilities:
- Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners.
- Counsel internal teams through the full incident lifecycle—detection, investigation, containment, remediation, and post-incident review—with a focus on legal risk mitigation and regulatory exposure.
- Oversee legal strategy for incident-related communications, including drafting and reviewing breach notifications to regulators and affected users.
- Develop and maintain USDS-specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
- Support and lead legal input for incident simulations, tabletop exercises, and after-action reviews.
- Advise on privilege considerations and lead efforts to preserve and document incident-related evidence.
- Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
- Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
- Deliver training to cross-functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
- Support integration of incident data and trends into broader compliance and risk management processes, including third-party risk, audits, and internal controls.
The TikTok USDS Legal & Compliance team oversees legal, regulatory, and data protection matters for TikTok’s U.S. Data Security operations. We work cross-functionally with technical and business stakeholders to tackle complex issues at the intersection of law, cybersecurity, and national security.
We are seeking a counsel to lead our legal response to information security incidents and support broader security compliance initiatives. This attorney will work closely with our Product, Privacy, Security, and Public Policy teams to strengthen incident response readiness, ensure regulatory compliance, and safeguard user trust.
In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time.
Responsibilities:
- Serve as the lead attorney for information security incidents impacting USDS, coordinating legal response efforts across internal stakeholders and external partners.
- Counsel internal teams through the full incident lifecycle—detection, investigation, containment, remediation, and post-incident review—with a focus on legal risk mitigation and regulatory exposure.
- Oversee legal strategy for incident-related communications, including drafting and reviewing breach notifications to regulators and affected users.
- Develop and maintain USDS-specific incident response playbooks and escalation pathways in collaboration with Security, Risk, and Executive teams.
- Support and lead legal input for incident simulations, tabletop exercises, and after-action reviews.
- Advise on privilege considerations and lead efforts to preserve and document incident-related evidence.
- Monitor and interpret evolving U.S. and global cybersecurity regulations to inform compliance strategy and incident response protocols.
- Partner with Product Legal, Security, and Procurement to identify and mitigate security risks in contracts, vendor engagements, and product design.
- Deliver training to cross-functional teams on legal obligations and best practices related to incident response, regulatory reporting, and privilege.
- Support integration of incident data and trends into broader compliance and risk management processes, including third-party risk, audits, and internal controls.
InfoSec & Incident Response Counsel - USDS
Office
Los Angeles, California, United States
Full Time
September 27, 2025