Job Summary
Trip.com Group, a leading global travel service provider, is looking for an experienced Senior Security Engineer specializing in privacy and data protection compliance to strengthen our international operations. This role will play a key part in advancing our global data protection program, ensuring robust compliance with regulations across regions such as the EU, Southeast Asia, and Korea, while supporting scalable solutions for a dynamic online travel industry.
Key Responsibilities
- Develop and enhance global data protection governance frameworks, including policy development, regulatory interpretation, risk assessments, internal audits and cross-functional collaboration to support international business expansion.
- Design and implement technical and operational controls for privacy compliance, covering areas such as cross-border data transfers, cookie management, marketing practices, incident response, and data subject rights handling.
- Lead compliance certification initiatives and audits for standards including ISO 27001, ISO 27701, SOC 2 Type II, and regional trustmarks (e.g., Singapore DPTM), involving gap analysis, control implementation, and ongoing monitoring.
- Conduct privacy impact assessments, internal audits, and evaluations to identify risks and drive remediation across security, confidentiality, availability, and privacy domains.
- Partner with diverse teams including product, engineering, operations, marketing, legal, and business units to integrate privacy-by-design principles and translate regulatory requirements into practical solutions.
- Monitor regulatory developments, provide advisory support on compliance matters, and contribute to reporting and documentation for cross-border data governance.
- Create and deliver engaging training programs and awareness initiatives to build a strong privacy culture across global and distributed teams.
Qualifications and Requirements
- Bachelor's degree in Information Security, Information Systems Management, Management, or a related field from a recognized university.
- At least 5 years of experience in privacy, data protection, or information security compliance roles within international internet or technology companies, preferably with OTA industry exposure.
- Proven expertise in global privacy regulations (e.g., GDPR, PDPA) and standards, with hands-on experience building compliance programs and achieving certifications such as ISO 27001/27701, SOC 2, and regional trustmarks.
- Demonstrated experience in international expansion compliance for globally operating internet companies, including building cross-border data compliance systems, practical application of Singapore's Personal Data Protection Act (PDPA), GDPR implementation and deployment, and engagement with Korea's Personal Information Protection Commission (PIPC) and Korea Internet & Security Agency (KISA) requirements.
- Professional certifications including CISA, CISSP, and CIPP/E (or equivalents).
- Demonstrated experience in IT auditing, control evaluations (e.g., based on Trust Services Criteria), and providing compliance advisory or remediation in multinational environments.
- English proficiency is required to meet the strong communication demands of cross-regional collaboration, and Mandarin proficiency is required due to frequent business communication with stakeholders in China.
- Excellent stakeholder management and collaboration abilities in fast-paced, multicultural settings.