Information Security Senior Analyst

Company Overview:
If you see technology as there to smooth your path in life, our team does too: Your Path, Our Journey.

We believe in people who transform their paths through technology. Technology that connects people who are good at what they do and which practices diversity to create and share those paths that we (as yet) do not even know about. Our journey is in the smile of every talented person who brings revolution to the world from Brazil - whether with in-app transportation (99) or digital payments (99Pay).

To make life easier for millions of people every day, we are in the driving seat as part of DiDi Chuxing, the world's largest transport, and convenient platform. And so, we can say, with great pride, that we are pioneers in creating solutions, starting in Brazil, that grow in scale and have positive impacts in a range of other countries.

Whether creating projects from scratch or continually improving our solutions, we like challenges that give us butterflies, and that's why we work with intensity, at a fast pace, with respect, collaboration, and partnership. On this journey, we also create learning and strengthen ourselves in diversity as a fundamental aspect that makes us stand out for our growth day after day.

Team Overview:
The Information Security Senior Analyst will be responsible for monitoring activities related to vulnerability management and ensuring compliance with privacy regulations on a daily basis.

Role Responsibilities:

- Monitor activities for vulnerability management and ensure compliance with relevant privacy regulations.
- Monitor audits, create and monitor corrective action plans to address compliance and privacy gaps.
- Follow security incidents until closure, adhering to the incident management process.
- Advise and report on industry best practices for compliance and privacy.
- Stay up-to-date on security trends, especially those related to compliance and privacy, and report as necessary.
- Lead investigations into cyber security breaches and intrusions with a focus on compliance and privacy.
- Provide a coordinated response to complex cyber attacks, ensuring compliance with privacy regulations.
- Create reports, procedures, and playbooks for incident response activities with a strong emphasis on compliance and privacy.

Role Qualifications:

- Demonstrated experience in cloud security and Security Operations (SecOps) with a focus on compliance and privacy.
- Solid understanding of security concepts, particularly in relation to compliance and privacy requirements.
- 3+ years of combined experience in related information security fields, with specific experience in critical analysis to identify and address information security issues with compliance and privacy considerations.
- Advanced proficiency in spoken and written English, as all reports must be written in this language.
- Experience in CSIRT/DIRT practices (Computer Security Incident Response Team/ Digital Incident Response Team).
- Certifications: Security+ or/and any additional certifications related to compliance and privacy would be beneficial.
- Previous experience working in a Security Operations Center (SOC),
- Managed Security Services (MSS), or incident handling role.
- Broad knowledge of security practices and standards prevalent in the industry, with a strong emphasis on compliance and privacy.
- Ability to plan, organize, and meet deadlines while considering compliance and privacy requirements.

EEO Statement:
**You'll love working at DiDi because**
- We create customer value - We strive to always create valuable experiences for our users in everything we do. Our focus is to always innovate new experiences that are safe, pleasant, and efficient.
- We are data-driven - We are strong believers in making informed decisions, that’s why we are data-driven. We can better navigate the business landscape strategically by analyzing valuable metrics.
- We believe in Win-win Collaboration - Success is a team sport. When we work to help our partners and colleagues win, we win, too. While keeping everyone's best interest at heart, we communicate with candor and execute with excellence in all we do.
- We believe in integrity - Integrity is at the very core of our business. We are people who always want to do the right thing. Our intentions are sincere, we speak our minds and listen to each other.
- We always strive to do better. That means venturing beyond our comfort zones, learning from our mistakes, and helping each other grow.
- We believe in Diversity and Inclusion - Diversity is one of our biggest strengths. Our differences are what makes us distinct. We respect each other and believe in equal opportunities for all.

**Diversity & Inclusion**

Diversity is not a vision of the future or something we wish to have one day, it is a non-negotiable value of who we are.

We practice inclusion, plurality, and respect. And we count on the governance of the Diversity Committee, which works together with HR, lea