Third Party Risk Management Analyst

About the position

The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers -- and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day. The Cybersecurity team at The Trade Desk strives to protect the people, process, and technology used to further our goals for the open internet. We are looking for a Third-Party Risk Management Specialist who is early in their career and maintains great interpersonal and communication skills coupled with deep security and technology expertise. Leveraging those skills, this specialist will both enable business opportunity through efficient and accurate reporting of the state of Security and Privacy in the organization and protect the organization by analyzing evidence provided by third parties to conduct thorough risk assessments.

Responsibilities

• Participate in the development, implementation, and execution of The Trade Desk's Third-Party Risk Management Program.
• Assist in the implementation of a structured and standardized approach to evaluate potential vendors and service providers.
• Coordinate the collection of necessary documentation, such as security certifications, audit reports, and compliance evidence.
• Analyze the collected information to assess the overall risk profile of third parties.
• Evaluate the security posture and GRC practices of third-party vendors and service providers.
• Collaborate with internal teams to respond to security questionnaires and provide accurate, timely responses to customer inquiries.
• Contribute to and maintain accurate inventory of information relating to the Information Security programs.
• Execute, monitor, and refine multiple processes from new customer engagements to application review and interpreting new legislation as it relates to company exposure.
• Work cross functionally, touching parts of business teams, legal, privacy, engineering, and many more.
• Assist in negotiating contracts with third parties to incorporate appropriate security clauses and requirements.
• Maintain up-to-date records of all third-party risk assessments and compliance status.
• Support incident response efforts related to third-party incidents, breaches, or security events.
• Contribute to the implementation of the new TPRM system and process automation.

Requirements

• BS degree in related field like Cybersecurity, Information Security, etc. or equivalent years of experience required.
• 2+ years of experience in Third Party Risk Management, Vendor Management, Security Audit or experience in Governance, Risk Management and Compliance (GRC).
• 2+ years of experience in Information Security/Cybersecurity.
• Certifications such as CISSP, CISA, CISM, or CRISC highly desired.
• Experience with a cybersecurity platform such as UpGuard, OneTrust, Whistic, etc.
• A track record and understanding in third-party risk management and vendor assessment processes.
• Familiarity of industry regulations and standards (e.g., GDPR, ISO 27001, NIST, SOC1/2 etc.).
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication and interpersonal skills to collaborate effectively with various stakeholders.

Benefits

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
• Retirement benefits such as a 401k plan and company match.
• Short and long-term disability coverage.
• Basic life insurance.
• Well-being benefits.
• Reimbursement for certain tuition expenses.
• Parental leave.
• Sick time of 1 hour per 30 hours worked.
• Vacation time for full-time employees up to 120 hours thru the first year and 160 hours thereafter.
• Around 13 paid holidays per year.
• Employees can purchase The Trade Desk stock at a discount through The Trade Desk's Employee Stock Purchase Plan.