Security Engineer

About the Company DiDi Global Inc. is the world’s leading mobility technology platform. It offers a wide range of app-based services across markets including Asia-Pacific, Latin America and Africa, including ride hailing, taxi hailing, chauffeur, hitch and other forms of shared mobility as well as auto solutions, food delivery, intra-city freight, and financial services. DiDi provides car owners, drivers, and delivery partners with flexible work and income opportunities. It is committed to collaborating with policymakers, the taxi industry, the automobile industry and the communities to solve transportation, environmental and employment challenges through AI technology and localized smart transportation innovations. DiDi strives to create better life experiences and greater social value, by building a safe, inclusive and sustainable transportation and local services ecosystem for cities of the future. For more information, please visit: Team / Role We are seeking a skilled and motivated Security Engineer to join our team. The ideal candidate will be responsible for ensuring infosec and privacy compliance in financial business, the security and integrity of our Infosec related systems, managing security issues, and implementing controls. The role involves working closely with various departments to enhance security protocols and ensure compliance with industry standards and regulations. In this role, you\'ll be Support CISO and relevant business leaders of the company to meet the information security and compliance requirements and ultimately ensure the achievement of business goals. Developing and implementing security policies: Creating, updating, and maintaining information security and privacy policies in line with regulations such as GDPR, CCPA, SOX, CNBV, and PCI-DSS. Conducting thorough security risk assessments and audits: Identifying vulnerabilities and developing risk mitigation strategies. Monitoring and reporting compliance: Monitoring compliance with security policies and legal requirements, and reporting findings to senior management and regulatory bodies. Executing incident response and management: Ensuring efficient mitigation and compliance with legal notification requirements during information security incidents. Developing and conducting training programs: Educating employees about information security, data protection laws, and best practices. Assessing and managing vendor and third-party risk: Managing information security risks from vendors and third-party service providers. Implementing data privacy protection measures: Safeguarding customer and company data through strong privacy controls. Collaborating on technology compliance reviews: Working with IT to review new technologies and systems for compliance. Collaborating with stakeholders: Ensuring cohesive information security and compliance strategies across various departments. Tracking and interpreting daily regulatory policy changes: Identifying potential information security and privacy compliance risks in business processes and activities, and proposing solutions for implementation. Promoting security compliance management system construction: Overseeing risk identification, assessment, governance, and improvement, including product compliance, authority management, data security life cycle, third-party management, and auditing. Maintaining industry and research team collaboration: Coordinating resources and capabilities to continuously ensure and improve the information security and compliance level of the company\'s financial business in Mexico. Executing internal compliance initiatives: Spearheading specific initiatives to strengthen the organization\'s security and compliance capabilities, including regulatory response, qualification certification, incident response, and other related tasks. Demonstrating proactive, curious, and strong executive ability. Qualifications / What we’re looking for 2+ years of professional experience in information security and personal data protection, with a strong focus on privacy technology compliance assessments, regulatory alignment, and expertise in areas such as CNBV requirements, direct SPEI participant operations, outsourcing oversight, and supplier risk management. Understanding of Mexican fintech regulations and best practices related to data security and privacy protection in credit card, payment, loan and other fintech regulatory agencies. Internet technology compliance, security consulting (Big Four consulting) experience is preferred. Multi-lingual, multi-cultural communication and coordination skills, can use English, Spanish as the working communication language. Familiar with ISO27001/27701, PCI-DSS, CNBV & GDPR. Proactive, curious, ownership, result-driven. Why you\'ll love working at DiDi We create user value: We focus on delivering valuable experiences that are safe, pleasant and efficient. We are data-driven: We make informed decisions by analyzing valuable metrics. Win-win Collaboration: We work to help partners and colleagues succeed while acting with candor and excellence. We believe in integrity: We strive to do the right thing and speak our minds respectfully. Growth: We continuously improve and help each other grow. Diversity and Inclusion: We value differences and provide equal opportunities for all. We are committed to building inclusive and diverse teams: Equal Opportunity Employer. Seniority level: Entry level Employment type: Full-time Job function: Information Technology Industries: Software Development Note: This description reflects the role and responsibilities as described in the original posting and is intended for formatting improvements. It does not introduce new facts or alter the job scope. #J-18808-Ljbffr