Responsibilities
The Global Payment team of ByteDance provides payment solutions, including payment acquisitions, disbursements, transaction monitoring, payment method management, foreign exchange conversion, accounting, reconciliations, and so on, to ensure that our users have a smooth and secure payment experience on ByteDance platforms including TikTok.
- Risk Framework Development & RCSA: Lead and spearhead the establishment and maintenance of the risk and control self-assessment (RCSA) framework and processes for Global Payment operations across various regions and entities. This includes defining risk taxonomies and rating methodologies. Proactively facilitate and guide business teams in identifying inherent risks, assessing residual risks, and evaluating the design and effectiveness of controls. Build and maintain an auditable group-wide Risk Register.
- Key Risk Indicator (KRI) Monitoring: Define and monitor Key Risk Indicators (KRIs) across business lines. Assist business units in identifying key risk exposures and interdependencies. Leverage risk committee and management meeting mechanisms to design effective control measures and ensure their implementation.
- Issue Management & Remediation: Establish and operate a robust issue management and remediation mechanism. This includes triaging findings from internal/external audits, regulatory inspections, and self-identified issues, tracking remediation progress, and performing closure validation. Drive resource allocation based on risk prioritization.
- New Product/Market/Significant Change Risk Assessment: Deeply engage in the planning and launch processes for new products, new market entries, or other significant business changes. Conduct risk assessments with early-stage involvement to ensure Risk by Design. Establish and maintain necessary risk assessment and approval workflows (New Product Approval / Change Governance) covering critical links such as acquiring, payment processing, wallet fund flows, and Credit/BNPL underwriting & post-lending.
- Risk Governance & Reporting: Manage the collection, classification, post-mortem analysis, and root cause analysis (RCA) of operational risk incidents related to channels, funds, and entity operations. Document lessons learned. Prepare and submit reports on major incidents to regulators and senior management as required. Regularly report risk status to the Global Payment Risk Committee.
- Operational Resilience & Business Continuity: Drive the enhancement of operational resilience and business continuity planning (BCP/DR) capabilities. Focus on critical business services (e.g., acquiring, payout, lending, settlement, customer service & dispute resolution) and their dependent systems/third parties. Define clear targets for incident response and operational resilience.
- Multi-jurisdictional Regulatory Liaison & Compliance: Support the implementation of regulatory requirements and examination preparedness across multiple jurisdictions. Translate regulatory mandates into actionable processes and controls.
Qualifications
Minimum Qualifications:
- Experience: Minimum 5 years of professional experience in Enterprise Risk Management (ERM), operational risk, internal control, or risk consulting within the Fintech, payment institution, or banking sector.
- Expertise: In-depth understanding of the Three Lines of Defence model. Solid hands-on experience with core risk management practices including RCSA, KRI design, issue management, and operational resilience. Strong project and change management capabilities, with experience leading complex, cross-functional projects or programs. Proficiency in agile and internet product development project management methodologies, with the ability to develop clear project plans, manage stakeholders, drive decisions, and deliver measurable outcomes.
- Communication: Proficiency in English and Chinese (Mandarin) is required to collaborate with global partners and key stakeholders based in Mandarin-speaking markets where Mandarin is a primary working language. Full professional proficiency in English, capable of drafting professional reports and conducting discussions as a working language. Exceptional cross-functional communication and influencing skills. Possesses the willingness and ability to provide effective, constructive challenge to business teams, fostering collaborative risk management.

Preferred Qualifications:
- Prior experience in a cross-border payment or internet finance company operating in multiple countries/regions. Familiarity with key regulatory frameworks (e.g., payment services, AML/CFT, data privacy) in major international markets such as Southeast Asia, Europe, the Americas, etc.
- Familiarity with mainstream GRC platforms (e.g., AuditBoard, Archer, MetricStream). Professional certifications such as FRM or CIA are preferred.
- Hands-on experience in building a risk framework from scratch in a startup or fast-growing environment.
- Project management professional certifications (e.g., PMP, PRINCE2, Agile-related certifications).
- Proven track record in comprehensive risk management, risk governance, or internal control/compliance, specifically within payment processing, acquiring, digital wallets, or consumer finance is highly preferred.
- Data Acumen: Strong data analysis skills. Proficiency in using tools like SQL, Python, or BI platforms (e.g., Tableau, Power BI) for risk data analysis is a significant advantage.