Third Party Risk Management Analyst

The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers –– and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

So, if you are talented, driven, creative, and eager to join a dynamic, globally-connected team, then we want to talk!

Who we are:

The Cybersecurity team at The Trade Desk strives to protect the people, process, and technology used to further our goals for the open internet. We are looking for a Third-Party Risk Management Specialist who is early in their career and can leverage interpersonal and communication skills in concert with deep security and technology expertise to enable business opportunity through efficient and accurate reporting of the state of Security and Privacy in the organization.

What you will do at The Trade Desk:

• You will be an active participant in the development, implementation, and execution of The Trade Desk's Third-Party Risk Management Program.
• Collaborate with internal teams to respond to security questionnaires and provide accurate, timely responses to customer inquiries.
• Contribute to and maintain accurate inventory of information relating to the Information Security programs.
• Execute, monitor, and refine multiple processes from new customer engagements to application review and interpreting new legislation as it relates to company exposure.
• Work cross functionally, touching parts of business teams, legal, privacy, engineering, and many more.
• Assist implementation of a structured and standardized approach to evaluate potential vendors and service providers.
• Coordinate the collection of necessary documentation, such as security certifications, audit reports, and compliance evidence.
• Analyze the collected information to assess the overall risk profile of third parties.
• Evaluate the security posture and GRC practices of third-party vendors and service providers.
• Assist in negotiating contracts with third parties to incorporate appropriate security clauses and requirements.
• Maintain up-to-date records of all third-party risk assessments and compliance status.
• Support incident response efforts related to third-party incidents, breaches, or security events.
• Contribute to the rollout and implementation of the new TPRM system and process automation.

Who you are:

• 1-2+ years of experience in Third Party Risk Management, Vendor Management, or experience in Governance, Risk Management and Compliance (GRC)
• 1-2+ years of experience in Information Security/Cybersecurity, or Network/System Administration.
• A track record in third-party risk management and vendor assessment processes.
• Familiarity of industry regulations and standards (e.g., GDPR, ISO 27001, NIST, SOC1/2 etc.).
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication and interpersonal skills to collaborate effectively with various stakeholders.
• Certifications such as CISSP, CISA, CISM, or CRISC.

We do not expect all applicants will have skills that match a job description exactly. We strongly encourage applicants with alternative experiences to also apply

#LI-TP1

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.