The Trade Desk

Senior Analyst, Cybersecurity Compliance

Posted 25 August 2023
Job type Permanent

Company's Benefits

  • Flexible Working Arrangements

    Flexible Working Arrangements

  • Mentorship Program

    Mentorship Program

  • Leadership Development Program

    Leadership Development Program

  • Paid Parental Leave

    Paid Parental Leave

  • Return to Work Policy

    Return to Work Policy

  • Breastfeeding Rooms

    Breastfeeding Rooms

  • Sponsorship Program

    Sponsorship Program

  • Coaching Program

    Coaching Program

  • Raise Numbers Of Women In Leadership

    Raise Numbers Of Women In Leadership

Job Description

​The Trade Desk is a global technology company with a mission to create a better, more open internet for everyone through principled, intelligent advertising. Handling over 1 trillion queries per day, our platform operates at an unprecedented scale. We have also built something even stronger and more valuable: an award-winning culture based on trust, ownership, empathy, and collaboration. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

Do you have a passion for solving hard problems at scale? Are you eager to join a dynamic, globally-connected team where your contributions will make a meaningful difference in building a better media ecosystem? Come and see why Fortune magazine consistently ranks The Trade Desk among the best small-medium-sized workplaces globally.


We are seeking a highly skilled and knowledgeable Privacy, Security, and Compliance Senior Analyst who will be responsible for coordinating the design and implementation of the security & privacy controls required to meet TTD’s compliance obligations and implement security best-practices within the TTD China Production Environment. They will work closely with China-based Engineering staff to interpret, implement, enforce, and monitor the security & privacy controls necessary to meet and exceed the expectations of the Cybersecurity Law of the People's Republic of China (‘CSL’) through the China Multi-Level Protection Scheme 2.0 (MLPS), the Data Security Law of the People's Republic of China (‘DSL’), and the Personal Information Protection Law of the People's Republic of China (‘PIPL’). This individual will also assist with the Compliance program, which includes Sarbanes-Oxley (SOX), Service Organization Controls (SOC), and other compliance initiatives.


· MLPS Compliance: Lead the development, implementation, and maintenance of MLPS compliance programs in alignment with China's cybersecurity regulations and guidelines.

· PIPL Compliance: Stay updated with the latest developments and requirements of the PIPL and provide guidance to the organization on aligning privacy and security practices with this new legislation.

· Privacy and Security Policy Development: Collaborate with cross-functional teams to develop and update privacy, security, and compliance policies, procedures, and guidelines in accordance with MLPS and PIPL.

· Privacy Impact Assessments: Conduct privacy impact assessments (PIAs) and security assessments for new initiatives, systems, or processes to identify potential risks under MLPS and PIPL, and recommend appropriate mitigation strategies.

· Data Protection and Security: Establish and enforce data protection and security measures to ensure the secure handling, storage, and transfer of personal information in compliance with MLPS and PIPL requirements.

· Compliance Monitoring and Reporting: Develop monitoring mechanisms to assess MLPS and PIPL compliance, conduct periodic audits, and prepare reports for relevant stakeholders. Implement corrective actions as necessary.

· Employee Training and Awareness: Conduct training programs to educate employees on privacy, security, and compliance best practices, MLPS, and PIPL requirements, and organizational policies.

· Privacy and Security by Design: Collaborate with product and engineering teams to embed privacy and security principles into the design and development of products and services, considering MLPS and PIPL requirements.

· Cross-functional Collaboration: Work closely with legal, IT, security, and other teams to ensure privacy, security, and compliance considerations are integrated into business processes, technologies, and compliance frameworks specific to MLPS and PIPL.


· Bachelor's degree in information systems, computer science, or a related field. Advanced degree preferred.

· Extensive experience (5+ years) in privacy, security, and compliance roles, with a specific focus on MLPS and PIPL, preferably within multinational organizations operating in China.

· In-depth knowledge of the Multi-Level Protection Scheme (MLPS) requirements, China's cybersecurity regulations, and guidelines.

· Strong understanding of the newly enacted Personal Information Protection Law (PIPL) and its implications for privacy, security, and compliance practices.

· Proven experience in developing and implementing comprehensive privacy, security, and compliance programs, including privacy impact assessments, security assessments, and incident response plans.

· Familiarity with information security and data protection technologies, frameworks, and best practices.

· Excellent communication and interpersonal skills, with the ability to effectively collaborate with diverse stakeholders and teams.

· Strong analytical and problem-solving skills, with attention to detail and accuracy.

· Ability to work independently, manage multiple projects, and prioritize tasks

· Professional certifications in privacy and data protection (e.g., CIPP, CIPM, CIPT) are highly desirable.

· Fluency in English and Mandarin Chinese is required.