Information Security

Company Overview: DiDi Global Inc. is the world’s leading mobility technology platform. It offers a wide range of app-based services across markets including Asia-Pacific, Latin America and Africa, including ride hailing, taxi hailing, chauffeur, hitch and other forms of shared mobility as well as auto solutions, food delivery, intra-city freight, and financial services. DiDi provides car owners, drivers, and delivery partners with flexible work and income opportunities. It is committed to collaborating with policymakers, the taxi industry, the automobile industry and the communities to solve the world’s transportation, environmental and employment challenges through the use of AI technology and localized smart transportation innovations. DiDi strives to create better life experiences and greater social value, by building a safe, inclusive and sustainable transportation and local services ecosystem for cities of the future. Team Overview: As **Information Security & Privacy Compliance Officer (Fintech)** in our fast-paced Fintech environment, you will play a crucial role in ensuring that our company adheres to necessary information security and privacy laws and standards. Your expertise will be vital in navigating the complex landscape of financial technology, data protection, and regulatory compliance. Role Responsibilities: **Develop and Implement Security Policies**: Create, update, and maintain information security and privacy policies in line with regulations such as GDPR, CCPA, SOX, CNBV and PCI-DSS.**Risk Assessment and Management**: Conduct thorough security risk assessments and audits, identifying vulnerabilities and developing risk mitigation strategies.**Compliance Monitoring and Reporting**: Monitor compliance with security policies and legal requirements, and report findings to senior management and regulatory bodies.**Incident Response and Management**: Lead information security incident responses, ensuring efficient mitigation and compliance with legal notification requirements.**Training and Awareness Programs**: Develop and conduct training programs to educate employees about information security, data protection laws, and best practices.**Vendor and Third-Party Risk Management**: Assess and manage information security risks from vendors and third-party service providers.**Regulatory Liaison**: Serve as the primary contact for regulatory bodies, stay updated on new regulations, and ensure the company's compliance strategies remain current.**Data Privacy Protection**: Implement strong privacy controls to safeguard customer and company data.**Technology Compliance Review**: Collaborate with IT to review new technologies and systems for compliance.**Stakeholder Collaboration**: Work with various departments to ensure cohesive information security and compliance strategies.**Daily Regulatory Policy Tracking and Interpretation**: Track and interpret relevant regulatory policies and environmental changes daily. Identify potential information security and privacy compliance risks in business processes and activities, and propose solutions for implementation.**Security Compliance Management System Construction**: Promote the building, operation, and improvement of the security compliance management system. Oversee risk identification, assessment, governance, and improvement, including product compliance, authority management, data security life cycle, third-party management, and auditing.**Industry and Research Team Collaboration**: Maintain communication and collaboration with industry and research teams and business units. Coordinate resources and capabilities to continuously ensure and improve the information security and compliance level of the company's financial business in Mexico.**Lead Internal Compliance Initiatives**: Spearhead specific internal compliance initiatives to strengthen the organization's security and compliance capabilities, including regulatory response, qualification certification, incident response, and other related tasks. - Proactive, curious and strong executive ability. Role Qualifications: - At least 3 years working experience in information security and personal data protection, especially in privacy technology compliance assessment, regulatory alignment, outsourcing and supplier risk management. - Deep understanding of Mexican fintech regulations and best practices related to data security and privacy protection in credit card, payment, loan and other fintech regulatory agencies. Regulatory industry background, Internet technology compliance, security consulting (" Big Four "consulting) experience is preferred. - Multi-lingual, multi-cultural communication and coordination skills, can use English, Spanish as the working communication language. - Familiar with ISO27001/27701, PCI-DSS, CNBV &. GDPR. - Proactive, curious and strong executive ability. EEO Statement: - We create customer value - We strive to always create valuable experiences for our users in