Senior Analyst, Technology Governance & Risk

The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers -- and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

So, if you are talented, driven, creative, and eager to join a dynamic, globally-connected team, then we want to talk!

WHO WE ARE LOOKING FOR:

We are looking for a Technology Governance & Risk Senior Analyst to lead and executive our governance and risk management initiatives, with a focus on privacy risk. This role is central to our broader Technology Governance, Risk and Compliance program, encompassing global frameworks which include Sarbanes-Oxley (SOX), Service Organization Controls (SOC) and essential regional regulations such as California Consumer Privacy Act (CCPA) and Protecting Americans' Data from Foreign Adversaries Act (PADFA) for cybersecurity.

The Senior Analyst will assist with the development, improvement and maintenance of technology governance and risk processes, ensuring alignment with dynamic regulatory requirements. This involves technology controls design and implementation, drafting company-wide governance policies, managing risk assessment projects, audit management, and collaborating closely with stakeholders across Engineering, Finance, Legal, and Cybersecurity to advance regional governance initiatives.

WHAT YOU WILL BE DOING:

* Drive the execution and maintenance of the governance and risk program to ensure technology and business processes comply with global and regional cybersecurity requirements, including CCPA, PADFA, SOX, and SOC 1 and SOC 2.

* Execute the full GRC process, including leading risk assessments, issues analysis, controls monitoring, control design, control implementation, policy administration, and implementing corrective actions, with emphasis on CCPA and PADFA frameworks.

* Partner with Legal to continuously track relevant laws, regulations and industry trends (e.g., CCPA and PADFA amendments) and ensure compliance.

* Communicate complex governance and risk issues and prepare reporting to stakeholders.

* Conduct periodic internal reviews to ensure that GRC procedures are followed and discuss emerging security and privacy compliance issues with the stakeholders.

* Perform risk and scoping assessments on design specs and monitor technology areas to ensure compliance.

* Perform control testing and document test procedures, results, and remediation steps for identified issues as it relates to privacy regulatory efforts.

* Collaborate with engineering, legal and business teams to address control gaps and ensure timely remediation.

* Collaborate with teams within cybersecurity to ensure compliance with changes to the control environment and regulatory environment.

WHAT YOU BRING TO THE TABLE:

* BS or BA in relevant field (Computer Science, Information Systems, Finance, Economics, Accounting)

* Certifications such as CISSP, CISM, CISA, CIA and/or CIPP preferred

* 4+ years of experience including both public accounting and industry experience. Big 4 preferred.

* Industry experience in high-technology companies with complex technology environments.

* Hands-on experience with privacy regulation and audits.

* Experience with SOX, SOC, and ISO frameworks implementation.

* Proven ability to design and implement ITGCs and automated controls.

* Strong organizational skills and ability to work independently, make effective judgments, and summarize complex information.

* Outstanding communication, analytical, and problem-solving abilities; proven cross-functional collaboration.

* Experience with GRC platforms (e.g., Audit Board) or leveraging AI tools for GRC preferred.

* Light coding skills (e.g., Python, SQL, or APIs) to support automation preferred.

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees…