Job Description

WHO WE ARE LOOKING FOR:  We are looking for a Technology Governance & Risk Senior Analyst, based in Shanghai, to lead and execute our governance and risk management initiatives, with a critical focus on mainland China.    This role is central to our Technology Governance, Risk, and Compliance program, encompassing global frameworks which include Sarbanes-Oxley (SOX), Service Organization Controls (SOC) and essential regional regulations such as China's Personal Information Protection Law (PIPL) and Multi-Level Protection Scheme (MLPS) for cybersecurity.    The Senior Analyst will assist with the development, improvement and maintenance of technology governance and risk processes, ensuring alignment with dynamic regulatory requirements with a critical focus in China. This involves technology controls design and implementation, drafting company-wide governance policies, managing risk assessment projects, audit management, and collaborating closely with stakeholders across Engineering, Finance, Legal, and Cybersecurity to advance regional governance initiatives.    WHAT YOU WILL BE DOING:  <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Drive the execution and maintenance of the APAC governance and risk program to ensure technology and business processes comply with global and regional requirements, including PIPL, MLPS, SOX, SOC 1 and 2. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Execute the full GRC process, including leading risk assessments, issues analysis, controls monitoring, control design, control implementation, policy administration, and implementing corrective actions, with emphasis on China's PIPL and MLPS frameworks. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Partner with Legal to continuously track relevant APAC laws, regulations and industry trends (e.g., PIPL or MLPS amendments) and ensure compliance.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Communicate complex governance and risk issues and prepare reporting to stakeholders. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Conduct periodic internal reviews to ensure that GRC procedures are followed and discuss emerging security and privacy compliance issues with the stakeholders. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Perform control testing and document test procedures, results, and remediation steps for identified issues. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="7" data-aria-level="1">Collaborate with engineering, legal and business teams to address control gaps and ensure timely remediation. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="8" data-aria-level="1">Facilitate external audits and ensure timely completion, supporting walkthroughs and evidence collection for China-based regulatory audits. </li> </ul>   WHAT YOU BRING TO THE TABLE:  <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">BS or BA in a relevant field (Computer Science, Information Systems, Finance, Accounting). </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">4+ years of experience in governance, risk, and compliance, including public accounting (Big 4 preferred) and industry roles. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Industry experience in high-technology companies with complex technology environments.  </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Hands-on experience with China's Personal Information Protection Law (PIPL) and Multi-Level Protection Scheme (MLPS) compliance and assessment. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Experience with SOX, SOC, and ISO frameworks. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Proven ability to design and implement ITGCs and automated controls. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="7" data-aria-level="1">Familiarity with privacy regulations (e.g., GDPR, CCPA). </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="8" data-aria-level="1">Strong organizational skills and ability to work independently, make effective judgments, and summarize complex information. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="9" data-aria-level="1">Outstanding communication, analytical, and problem-solving abilities; proven cross-functional collaboration. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="10" data-aria-level="1">Bilingual proficiency in English and Mandarin required for effective China-based interactions. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="11" data-aria-level="1">Preferred: Certifications such as CISSP, CISM, CISA, CIPP, CIA, or CRISC. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="12" data-aria-level="1">Preferred: Background in AdTech compliance or similar tech sectors. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="13" data-aria-level="1">Preferred: Experience with GRC platforms (e.g., AuditBoard) or leveraging AI tools for GRC. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="14" data-aria-level="1">Preferred: Light coding skills (e.g., Python, SQL, or APIs) to support automation. </li> </ul>  <div class="content-conclusion"> As an Equal Opportunity Employer, The Trade Desk is committed to creating an inclusive hiring experience where everyone has the opportunity to thrive. Please reach out to us at <a href="mailto:accommodations@thetradedesk.com" target="_blank">accommodations@thetradedesk.com</a> to request an accommodation or discuss any accessibility needs you may require to access our Company Website or navigate any part of the hiring process.  When you contact us, please include your preferred contact details and specify the nature of your accommodation request or questions. Any information you share will be handled confidentially and will not impact our hiring decisions. </div>