Director, Information Security


Reporting to the VP, Global Operations, the Director, Information Security is responsible for establishing and maintaining the enterprise-wide, security management program with the purpose of protecting company and client information and technical assets. This position is responsible for identifying, evaluating and reporting on security risks, aligning security posture of the organization in a manner that supports effective protection of information assets, and managing and executing security controls in support of company compliance and regulatory requirements.  The Director, Information Security will proactively work cross-functionally to implement practices that meet defined policies and standards for information security.
The ideal candidate for this role will be a consensus builder and an integrator of people, processes, and technology in a fast-moving, growth environment. While the Director, Information Security is the leader of the security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that security is just one of the business's activities.

ESSENTIAL DUTIES AND RESPONSIBILITIES, other duties may be assigned: 

  • Develop, implement and monitor a global strategic, comprehensive enterprise information security and risk management program to ensure that the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization
  • Develop and manage third parties as needed to ensure the required capabilities are available either internally or externally
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users
  • Work directly with the business units to facilitate security risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
  • Provide regular reporting on the current status of the security program to management
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection
  • Develop and implement an information security management framework that aligns with our business model, our risk profile, and our existing compliance initiatives and efforts
  • Provide strategic risk guidance for IT projects including the evaluation and recommendation of technical controls
  • Liaise with the SOX, Product, Development and DevOps teams to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
  • Coordinate information security and risk management projects with team managers from across the business unit teams and IT organization
  • Work with our compliance team to ensure that security and privacy programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
  • Define and facilitate the global information security risk assessment process including the reporting and oversight of treatment efforts to address negative findings
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action
  • Coordinate the use of external resources involved in the information security program including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources
  • Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals
  • Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security


  • Bachelor’s degree in business, computer science, information technology or equivalent professional experience
  • Five or more years of combined experience in information security and risk management
  • Experience in driving change in security functions within multiple organizations
  • Five or more years of experience working with IT security guidelines and requirements outlined or as driven by SOX, ITIL, PCI-DSS, COBIT, SSAE16, etc.
  • Experience with contract and vendor negotiations
  • Experienced of ISO 27000 implementations
  • Holds at least one of the following certifications, CISA, CISM, CRISC, CGEIT, CISSP, ISO 27000 Lead Implementer/Auditor
  • Demonstrate ability to succeed within fast-paced, high-growth environments
  • Executive-level written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker with strong problem-solving skills
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • High level of personal integrity as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity

The Trade Desk does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of The Trade Desk. The Trade Desk is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

Help build the future of digital advertising.

View Opportunities View our awards.