V-CISO

V-CISO DiDi Global Inc. is the world’s leading mobility technology platform. It offers a wide range of app-based services across markets including Asia-Pacific, Latin America and Africa, including ride hailing, taxi hailing, chauffeur, hitch and other forms of shared mobility as well as auto solutions, food delivery, intra-city freight, and financial services. DiDi provides car owners, drivers, and delivery partners with flexible work and income opportunities. It is committed to collaborating with policymakers, the taxi industry, the automobile industry and the communities to solve the world’s transportation, environmental and employment challenges through the use of AI technology and localized smart transportation innovations. DiDi strives to create better life experiences and greater social value, by building a safe, inclusive and sustainable transportation and local services ecosystem for cities of the future. Team Overview As Vice Information Security & Privacy Compliance Officer (Fintech) in our fast-paced Fintech environment, you will play a crucial role in ensuring that our company adheres to necessary information security and privacy laws and standards. Your expertise will be vital in navigating the complex landscape of financial technology, data protection, and regulatory compliance. Role Responsibilities Developing and implementing security policies: Creating, updating, and maintaining information security and privacy policies in line with regulations such as GDPR, CCPA, SOX, CNBV, and PCI-DSS. Conducting thorough security risk assessments and audits: Identifying vulnerabilities and developing risk mitigation strategies. Monitoring and reporting compliance: Monitoring compliance with security policies and legal requirements, and reporting findings to senior management and regulatory bodies. Leading incident response and management: Ensuring efficient mitigation and compliance with legal notification requirements during information security incidents. Developing and conducting training programs: Educating employees about information security, data protection laws, and best practices. Assessing and managing vendor and third-party risk: Managing information security risks from vendors and third-party service providers. Serving as a regulatory liaison: Acting as the primary contact for regulatory bodies, staying updated on new regulations, and ensuring the company's compliance strategies remain current. Implementing data privacy protection measures: Safeguarding customer and company data through strong privacy controls. Collaborating on technology compliance reviews: Working with IT to review new technologies and systems for compliance. Collaborating with stakeholders: Ensuring cohesive information security and compliance strategies across various departments. Tracking and interpreting daily regulatory policy changes: Identifying potential information security and privacy compliance risks in business processes and activities, and proposing solutions for implementation. Promoting security compliance management system construction: Overseeing risk identification, assessment, governance, and improvement, including product compliance, authority management, data security life cycle, third-party management, and auditing. Maintaining industry and research team collaboration: Coordinating resources and capabilities to continuously ensure and improve the information security and compliance level of the company's financial business in Mexico. Leading internal compliance initiatives: Spearheading specific initiatives to strengthen the organization's security and compliance capabilities, including regulatory response, qualification certification, incident response, and other related tasks. Demonstrating proactive, curious, and strong executive ability. Role Qualifications 8+ years of professional experience in information security and personal data protection, with a strong focus on privacy technology compliance assessments, regulatory alignment, and expertise in areas such as CNBV requirements, direct SPEI participant operations, outsourcing oversight, and supplier risk management. Deep understanding of Mexican fintech regulations and best practices related to data security and privacy protection in credit card, payment, loan and other fintech regulatory agencies. Regulatory industry background, Internet technology compliance, security consulting (Big Four consulting) experience is preferred. Multi-lingual, multi-cultural communication and coordination skills, can use English, Spanish as the working communication language. Familiar with ISO27001/27701, PCI-DSS, CNBV & GDPR. Proactive, curious, ownership, result-driven and strong executive ability. EEO Statement We create customer value – We strive to always create valuable experiences for our users in everything we do. Our focus is to always innovate new experiences that are safe, pleasant, and efficient. We are data-driven – We are strong believers in making informed decisions, that’s why we are data-driven. We can better navigate the business landscape strategically by analyzing valuable metrics. We believe in Win-win Collaboration – Success is a team sport. When we work to help our partners and colleagues win, we win, too. While keeping everyone's best interest at heart, we communicate with candor and execute with excellence in all we do. We believe in integrity – Integrity is at the very core of our business. We are people who always want to do the right thing. Our intentions are sincere, we speak our minds and listen to each other. We always strive to do better. That means venturing beyond our comfort zones, learning from our mistakes, and helping each other grow. We believe in Diversity and Inclusion – Diversity is one of our biggest strengths. Our differences are what makes us distinct. We respect each other and believe in equal opportunities for all. We are committed to building inclusive and diverse teams. At DiDi, we believe that our differences are our biggest source of strength. That‘s why we are committed to promoting equal opportunities to all candidates and employees as an Equal Opportunity Employer. Employment and advancement decisions at DiDi are always made based on the needs of the position and the qualifications of the candidate. We do not discriminate against any employee or applicant based on their gender, age, sexual orientation, nationality, marital status, pregnancy/maternity, disability, race, religion and beliefs, or any other status protected by applicable laws wherever we operate. We are committed to building inclusive and diverse teams, and a workplace that is free from discrimination and harassment, because that’s how we create better products and services, make better decisions and better serve the communities we’re a part of. #J-18808-Ljbffr