The Trade Desk is changing the way global brands and their agencies advertise to audiences around the world. How? With a media buying platform that helps brands deliver a more insightful and relevant ad experience for consumers –– and sets a new standard for global reach, accuracy, and transparency. We are proud of the culture we have built. We value the unique experiences and perspectives that each person brings to The Trade Desk, and we are committed to fostering inclusive spaces where everyone can bring their authentic selves to work every day.

So, if you are talented, driven, creative, and eager to join a dynamic, globally connected team, then we want to talk!

What we do:

This position reports to Senior Manager, Enterprise Risk Management (“ERM”) and has an opportunity to work with cross-functional leadership at The Trade Desk. ERM Manager will play an instrumental role in maturing the company’s ERM program.

ERM Manager will assist with executing the company’s risk management program performing a range of activities such as conducting risk assessments, validating processes and controls, quantifying risk exposure, developing risk mitigation plans, and reporting on key risk metrics and mitigation status. ERM Manager will also help with maintaining the ERM framework including risk taxonomy, risk assessment criteria, risk repository, ERM policy and procedures, as well as the GRC platform. ERM Manager is also expected to work on special risk management projects, based on leadership asks and emerging risks. As the ERM function is in the growth stage, this role is expected to drive multiple risk projects while also contributing to maturing the program and driving cross-functional collaboration.

The ideal candidate will have in-depth knowledge and experience in the areas of risk management with proven success stories in a highly complex technology environment. We are looking for someone who is result-oriented and has a broader set of risk management skills and experiences such as risk assessments, risk mitigation & monitoring, process improvements and risk assurance while operating successfully in a multi-disciplinary and multi-stakeholder environment. Other success factors for this role include amazing project management and negotiation skills, humility and empathy, willingness to learn the company’s business and risk posture, being comfortable with change, and cross-functional collaboration and relationship building. ERM Manager is an individual contributor role that collaborates with other stakeholders across the company and consistently drives risk mitigation projects forward. There may be opportunities to oversee a team of risk analysts in the future as the team grows.

What you’ll do:

Risk Management:

• Identify risks across the company’s operations covering various types of risks, including developing a risk library through interviews, and surveys of key stakeholders complemented by research of industry trends, emerging risks, and regulatory and industry-level developments.
• Assess those risks and classify them by risk priority using the company’s risk assessment criteria and other considerations.
• Assist with developing risk mitigation plans for prioritized risks and collaborate with stakeholders to validate and implement those, as well as maintain and enhance the plans over time. Perform periodic reassessments and validation of risk mitigation to determine whether the plans are operating as designed.
• Develop innovative approaches to guide resource allocation and quantification of risks, including the impact of a risk on the business, what it takes to mitigate it, and the resultant reduction in risk exposure.
• Perform bespoke risk assessments of various new and emerging risk areas for the organization, including asks from the leadership (special projects).
• Perform data analytics to deliver risk insights using transactional data such as past and current incident management cases.
• Perform risk assurance procedures that validate mitigation activities and progress.

Risk Framework:

• Assist with enhancing and maturing the company’s risk management program, including risk management policies, procedures, and methodologies.
• Collaborate across cybersecurity, compliance, privacy, trust & safety, legal, global security & resilience, and other functions to present a consolidated and coordinated picture on major risks and themes to senior leaders.
• Apply risk management principles and lessons to assist the company in developing risk management capability in areas such as Information Security, Third-Party Risk Management, Crisis & Incident Management, and current and emerging regulatory requirements.
• Assist with knowledge sharing across the company to establish and mature risk management practices and awareness.

Risk Reporting & Communication:

• Draft reports based on results of risk assessments tailored to the relevant audience.
• Assist with building accountability and awareness for risk mitigation among risk owners and other stakeholders through a common understanding of risks, their impact on various departments and the company’s business, and alignment of risk mitigation to business objectives.
• Own risk reporting and documentation processes within the Risk Management module of the company’s GRC platform. Maintain the features and enhance reporting processes using resources from the software provider and industry best practices in program management.

Who you are: 

• BS or BA in relevant fields (Audit, Risk, Compliance, Computer Science, Information Systems, Finance, Economics, Accounting, Engineering). Certifications such as CPA, CISSP, CISM, CISA, or CIA, are preferred.
• 5+ years of experience including both public accounting or consulting and industry experience. Industry experience with high technology companies – specifically a company that has a complex, custom IT infrastructure is highly preferred. Internal Audit or risk assurance experience is a plus.
• Deep technical skills and operational capabilities, including an understanding of leading risk frameworks and leading practices such as COSO ERM, ISO 31000, NIST CISF, etc.
• Strong project management skills, self-starter with the ability to work independently and see tasks/projects through to completion, to meet deadlines, and to escalate issues, if needed. Ability to juggle multiple high priorities in a fast-paced environment and have a willingness to learn.
• Outstanding communication skills, including written and verbal communication, interpersonal, analytical, negotiation, and problem-solving skills. Ability to make effective and independent judgments, including the ability to develop creative solutions to difficult problems.
• Ability to summarize complex and/or technical information into easy-to-understand takeaways (distinguishing outcomes from process and analysis) and proven results in data analytics, process improvement and change management.
• The ideal candidate will be a confident and effective communicator who has experience interacting with stakeholders and executive leadership. Stylistically, the candidate must be high-energy, curious, humble, and willing to “roll up their sleeves”.
• Willing to travel periodically to TTD headquarters and other offices, for the team and company events.
• Ready to uphold the highest levels of integrity as a baseline. You should have the willingness and ability to lead in a hyper-growth environment, with all the complexity that the environment brings. 

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.