The Trade Desk

Senior Analyst, Technology Governance & Risk

Shanghai Full Time

The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers, and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

So, if you are talented, driven, creative, and eager to join a dynamic, globally-connected team, then we want to talk!

WHO WE ARE LOOKING FOR:

We are looking for a Technology Governance & Risk Senior Analyst, based in Shanghai, to lead and execute our governance and risk management initiatives, with a critical focus on mainland China.

This role is central to our Technology Governance, Risk, and Compliance program, encompassing global frameworks which include Sarbanes-Oxley (SOX), Service Organization Controls (SOC) and essential regional regulations such as China's Personal Information Protection Law (PIPL) and Multi-Level Protection Scheme (MLPS) for cybersecurity.

The Senior Analyst will assist with the development, improvement and maintenance of technology governance and risk processes, ensuring alignment with dynamic regulatory requirements, with a critical focus on China. This involves technology controls design and implementation, drafting company-wide governance policies, managing risk assessment projects, audit management, and collaborating closely with stakeholders across Engineering, Finance, Legal, and Cybersecurity to advance regional governance initiatives.

 

WHAT YOU WILL BE DOING:

  • Drive the execution and maintenance of the APAC governance and risk program to ensure technology and business processes comply with global and regional requirements, including PIPL, MLPS, SOX, SOC 1 and 2.
  • Execute the full GRC process, including leading risk assessments, issues analysis, controls monitoring, control design, control implementation, policy administration, and implementing corrective actions, with emphasis on China's PIPL and MLPS frameworks.
  • Partner with Legal to continuously track relevant APAC laws, regulations and industry trends (e.g., PIPL or MLPS amendments) and ensure compliance.
  • Communicate complex governance and risk issues and prepare reporting to stakeholders.
  • Conduct periodic internal reviews to ensure that GRC procedures are followed and discuss emerging security and privacy compliance issues with the stakeholders.
  • Perform control testing and document test procedures, results, and remediation steps for identified issues.
  • Collaborate with engineering, legal and business teams to address control gaps and ensure timely remediation.
  • Facilitate external audits and ensure timely completion, supporting walkthroughs and evidence collection for China-based regulatory audits.

 

WHAT YOU BRING TO THE TABLE:

  • BS or BA in a relevant field (Computer Science, Information Systems, Finance, Accounting).
  • 4+ years of experience in governance, risk, and compliance, including public accounting (Big 4 preferred) and industry roles.
  • Industry experience in high-technology companies with complex technology environments.
  • Hands-on experience with China's Personal Information Protection Law (PIPL) and Multi-Level Protection Scheme (MLPS) compliance and assessment.
  • Experience with SOX, SOC, and ISO frameworks.
  • Proven ability to design and implement ITGCs and automated controls.
  • Familiarity with privacy regulations (e.g., GDPR, CCPA).
  • Strong organizational skills and ability to work independently, make effective judgments, and summarize complex information.
  • Outstanding communication, analytical, and problem-solving abilities; proven cross-functional collaboration.
  • Bilingual proficiency in English and Mandarin required for effective China-based interactions.
  • Preferred: Certifications such as CISSP, CISM, CISA, CIA, or CRISC.
  • Preferred: Background in AdTech compliance or similar tech sectors.
  • Preferred: Experience with GRC platforms (e.g., AuditBoard) or leveraging AI tools for GRC.
  • Preferred: Light coding skills (e.g., Python, SQL, or APIs) to support automation.

 

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

As an Equal Opportunity Employer, The Trade Desk is committed to creating an inclusive hiring experience where everyone has the opportunity to thrive.

Please reach out to us at accommodations@thetradedesk.com to request an accommodation or discuss any accessibility needs you may require to access our Company Website or navigate any part of the hiring process.

When you contact us, please include your preferred contact details and specify the nature of your accommodation request or questions. Any information you share will be handled confidentially and will not impact our hiring decisions.